The SWFUpload project is a library designed to let plugin developers easily add file upload functionality to their plugins. The library is associated with a number of vulnerabilities, including arbitrary file upload: the script does not enforce any restrictions on file contents or extensions. A remote attacker can send a well-formed upload request to the SWFUpload script and upload executable files such as web shells.
Exploitation
Stages
- An unauthenticated remote attacker sends a PHP file upload POST request to an application utilizing SWFUpload.
- The application returns a 200 response containing the string ‘uploadSuccess event’.
Prerequisites
The attacker must be able to send crafted packets to the target system.
Alert Logic Coverage
Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.
The Network-Based Intrusion Detection System (IDS) has been updated with new signatures that detect this exploit via Alert Logic Threat Manager™. If this signature is detected, an incident is generated in the Alert Logic console.
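The two stages listed under Exploitation can also be correlated in your own HTTP transaction logs. The following is an added example, not Alert Logic's signature and not part of the original advisory: it flags a POST whose multipart body declares a script filename and whose response is a 200 containing 'uploadSuccess event'. The extension list, the transaction dictionary layout, the path and the form field name are assumptions, and the sample data is constructed.

```python
import email
# Assumption: extensions treated as server-executable; adjust for your stack.
SCRIPT_EXTS = {".php", ".php5", ".phtml", ".phar"}
SUCCESS_MARKER = "uploadSuccess event"  # response string named in the advisory

def uploaded_filenames(content_type, body):
    """Return the filenames declared in a multipart/form-data request body."""
    if not content_type.lower().startswith("multipart/form-data"):
        return []
    raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
    parts = email.message_from_bytes(raw).walk()
    return [name for name in (p.get_filename() for p in parts) if name]

def is_script_name(name):
    """Compare the final extension after normalising case and trailing dots/spaces."""
    clean = name.strip().rstrip(". ").lower()
    return "." in clean and "." + clean.rsplit(".", 1)[1] in SCRIPT_EXTS

def suspicious_uploads(transactions):
    """Return (path, filename) for each POST that matches both stages."""
    hits = []
    for t in transactions:
        accepted = t["status"] == 200 and SUCCESS_MARKER in t["response_body"]
        if t["method"] != "POST" or not accepted:
            continue
        for name in uploaded_filenames(t["content_type"], t["request_body"]):
            if is_script_name(name):
                hits.append((t["path"], name))
    return hits

def _txn(filename, status, response_body, boundary="XbX"):
    """Build a constructed sample transaction; path and field name are placeholders."""
    body = (f'--{boundary}\r\nContent-Disposition: form-data; name="file"; '
            f'filename="{filename}"\r\nContent-Type: application/octet-stream\r\n\r\n'
            f'placeholder\r\n--{boundary}--\r\n').encode()
    return {"method": "POST", "path": "/app/upload", "status": status,
            "content_type": f"multipart/form-data; boundary={boundary}",
            "request_body": body, "response_body": response_body}

SAMPLES = [  # constructed data, not captured traffic
    _txn("photo.jpg", 200, "uploadSuccess event"),
    _txn("report.PHP", 200, "<p>uploadSuccess event</p>"),
    _txn("page.php", 403, "Forbidden"),
    _txn("notes.phtml.", 200, "uploadSuccess event"),
]

if __name__ == "__main__":
    for path, name in suspicious_uploads(SAMPLES):
        print(f"ALERT script upload accepted: {name} via {path}")
```

A hit means the server accepted the file, so the upload directory should be inspected for the named file as part of triage.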
Recommendations for Mitigation
Upgrade to a non-vulnerable version to mitigate this vulnerability.