Showing 1 - 3 of 3

Files from Thomas Chauchefoin

Email address	thomas.chauchefoin at synacktiv.com
First Active	2018-12-12
Last Active	2021-09-15

elFinder Archive Command Injection: Posted Sep 15, 2021; Authored by Shelby Pace, Thomas Chauchefoin | Site metasploit.com; elFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via its archive functionality. When creating a new zip archive, the name parameter is sanitized with the escapeshellarg() php function and then passed to the zip utility. Despite the sanitization, supplying the -TmTT argument as part of the name parameter is still permitted and enables the execution of arbitrary commands as the www-data user.; tags | exploit, arbitrary, php; advisories | CVE-2021-32682; SHA-256 | eefba941559b0ed45889286a43dda93328d3b84159ce379897131f28b557f0ba; Download | Favorite | View

elFinder PHP Connector exiftran Command Injection: Posted Mar 12, 2019; Authored by Brendan Coles, Thomas Chauchefoin, q3rv0 | Site metasploit.com; This Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is not validated, allowing shell metacharacters. When performing image operations on JPEG files, the filename is passed to the exiftran utility without appropriate sanitization, causing shell commands in the file name to be executed, resulting in remote command injection as the web server user. The PHP connector is not enabled by default. The system must have exiftran installed and in the PATH. This module has been tested successfully on elFinder versions 2.1.47, 2.1.20, and 2.1.16 on Ubuntu.; tags | exploit, remote, web, shell, php; systems | linux, ubuntu; SHA-256 | 5222268c0c1677f7e0637fd6b8a807ef9ea4bfb24107aadeb85ce45155354bc3; Download | Favorite | View

WordPress Snap Creek Duplicator Code Injection: Posted Dec 12, 2018; Authored by Thomas Chauchefoin, Julien Legras | Site metasploit.com; When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not sanitize POST parameters before inserting them inside the wp-config.php file, leading to arbitrary PHP code execution. WARNING: This exploit WILL break the wp-config.php file. If possible try to restore backups of the configuration after the exploit to make the WordPress site work again.; tags | exploit, arbitrary, php, code execution; advisories | CVE-2018-17207; SHA-256 | 905691265705b4759d72dab396f504f56f641ea40f5dc5bc5702ab0b07cd1d7f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days