exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Pydio / AjaXplorer 5.0.3 Shell Upload

Pydio / AjaXplorer 5.0.3 Shell Upload
Posted Nov 11, 2013
Authored by Craig Arendt

Pydio / AjaXplorer versions 5.0.3 and below suffer from an unrestricted upload functionality that allows for remote code execution.

tags | exploit, remote, code execution
advisories | CVE-2013-6227
SHA-256 | 4be5d190daa8b3fcada9f61cced7e8b97fa83b63d6ef89628b5c0394edde5bb1

Pydio / AjaXplorer 5.0.3 Shell Upload

Change Mirror Download
Vulnerability in Pydio/AjaXplorer < = 5.0.3

============
Background:
Pydio allows you to instantly turn any server into a powerful file sharing platform. Formerly known as AjaXplorer

============
Description of vulnerability

There is an unrestricted upload capability, in one of the plugins that is distributed with Pydio 5.0.3 core to AjaXplorer 3.3.5.

An attacker may use this vulnerability to upload arbitrary files in a location that an attacker can control, and will allow remote code execution on the server. Exploiting this vulnerability does not require authentication.
============
Details:

/plugins/editor.zoho/agent/save_zoho.php

The uploaded file through $_FILES to save_zoho.php will be moved to a path that the user can control with the format parameter passed from the user. Because the file formats allowed are not restricted, and is also used in a move path, this can be used to upload arbitrary files to the server.

============
CVE:
The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2013-6226 to this issue. This is a candidate for inclusion in the CVE list.

============
Vendor Response:
Upgrade to Pydio v5.0.4 or higher.
http://pyd.io/pydio-core-5-0-4/

============
Timeline:
============
October 13, 2013: Vulnerability identified
October 14, 2013: Vendor notified
October 14, 2013: Patch released
November 10, 2013: Disclosure
============
Research:
============
Craig Arendt (redfsec)
http://www.redfsec.com/CVE-2013-6227
Login or Register to add favorites

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close