11/13/17: Active-Exploit, CFG-Contact-Form upload.php File upload RCE | Security Bulletin

Threat Summary

Overview

An arbitrary file upload vulnerability exists within a Contact Form Generator application. A remote unauthenticated attacker can upload a malicious file to the upload directory via a request to upload.php.

Exploitation

Stages

  1. The remote unauthenticated attacker sends a multipart request and uploads a PHP file to the server.
  2. The server responds successfully with the filename in the response.
  3. The attacker sends a request to ‘cfg-contact-form/upload/<malicious file>’ to retrieve their file.
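The stages above leave a recognizable trace in web server access logs: a POST to upload.php, then a request for a script file under cfg-contact-form/upload/. The following Python sketch is an added example, not part of the original bulletin and not an Alert Logic signature; it assumes Combined Log Format, assumes upload.php sits directly in the cfg-contact-form directory, and runs on constructed sample lines.

```python
import re

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Assumption: upload.php sits directly inside the cfg-contact-form directory.
UPLOAD_RE = re.compile(r'/cfg-contact-form/upload\.php(?:\?|$)', re.I)
# Stage 3: a server-side script requested from the upload directory.
FETCH_RE = re.compile(
    r'/cfg-contact-form/upload/[^/?]+\.(?:php\d?|phtml|phar)(?:[/?]|$)', re.I)

def find_script_fetches(lines):
    """Return one finding per request for a script in the upload directory.
    'correlated' is True when the same client earlier made a successful
    POST to upload.php (stage 1 followed by stage 3)."""
    last_upload = {}              # client ip -> timestamp of last 2xx POST
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not an access-log entry
        ip, path, status = m["ip"], m["path"], m["status"]
        if (m["method"] == "POST" and UPLOAD_RE.search(path)
                and status.startswith("2")):
            last_upload[ip] = m["ts"]
        elif FETCH_RE.search(path):
            findings.append({
                "ip": ip, "path": path, "status": status,
                "fetched_at": m["ts"],
                "uploaded_at": last_upload.get(ip),
                "correlated": ip in last_upload})
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Nov/2017:10:01:02 +0000] "POST /cfg-contact-form/upload.php HTTP/1.1" 200 48 "-" "-"',
    '198.51.100.7 - - [13/Nov/2017:10:01:09 +0000] "GET /cfg-contact-form/upload/a1b2.php HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.20 - - [13/Nov/2017:10:05:00 +0000] "GET /cfg-contact-form/upload/photo.jpg HTTP/1.1" 200 9000 "-" "-"',
    '192.0.2.44 - - [13/Nov/2017:10:07:30 +0000] "GET /cfg-contact-form/upload/x.phtml HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in find_script_fetches(SAMPLE_LOG):
        print(finding)
```

Uncorrelated findings are still reported because the upload and the later retrieval can come from different client addresses.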

Prerequisites

The attacker should know the location of the vulnerable file on the target server. This can be achieved through Google dorks.

Vulnerability Description

An arbitrary file upload vulnerability exists within a Contact Form Generator application. The vulnerability is in the upload.php file, which does not carry out authentication or validation checks. A remote unauthenticated attacker can upload a malicious file to the upload directory via a request to upload.php. This could compromise the target server.

Alert Logic Coverage

Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.

The Network-Based Intrusion Detection System (IDS) has been updated with new signatures that detect this exploit via Alert Logic Threat Manager™. If one of these signatures is triggered, an incident is generated in the Alert Logic console.

Recommendations for Mitigation

Removing the application is recommended to mitigate this vulnerability.
