module

V-CMS PHP File Upload and Execute

Disclosed
11/27/2011
Created
05/30/2018

Description

This module exploits a vulnerability found on V-CMS's inline image upload feature.
The problem is due to the inline_image_upload.php file not checking the file type
before saving it on the web server. This allows any malicious user to upload a
script (such as PHP) without authentication, and then execute it with a GET request.

The issue is fixed in 1.1 by checking the extension name. By default, 1.1 only
allows jpg, jpeg, png, gif, bmp, but it is still possible to upload a PHP file as
one of those extension names, which may still be leveraged in an attack.

Authors

AutoSec Toolssinn3r

Platform

PHP

Architectures

php

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:

    msf > use exploit/linux/http/vcms_upload
    msf /(d) > show actions
        ...actions...
    msf /(d) > set ACTION < action-name >
    msf /(d) > show options
        ...show and set options...
    msf /(d) > run
  
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.