Cela link clrm20 2.7.1.6 arbitrary file upload Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2018-07-13 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Cela link clrm20 2.7.1.6 arbitrary file upload is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload
# Date: 2018-07-13
# Shodan Dork: CLR-M20
# Exploit Author: Safak Aslan
# Software Link: http://www.celalink.com
# Version: 2.7.1.6
# CVE: 2018-15137
# Authentication Required: No
# Tested on: Windows
# Vulnerability Description
# Due to the Via WebDAV (Web Distributed Authoring and Versioning),
# on the remote server, Cela Link CLR-M20 allows unauthorized users to upload
# any file(e.g. asp, aspx, cfm, html, jhtml, jsp, shtml) which causes
# remote code execution as well.
# Due to the WebDAV, it is possible to upload the arbitrary
# file utilizing the PUT method.
As a result, on the targetIP/test.html, "the reflection of random numbers
1230123012" is reflected on the page. # Exploit Title: Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload
# Date: 2018-07-13
# Shodan Dork: CLR-M20
# Exploit Author: Safak Aslan
# Software Link: http://www.celalink.com
# Version: 2.7.1.6
# CVE: 2018-15137
# Authentication Required: No
# Tested on: Windows
# Vulnerability Description
# Due to the Via WebDAV (Web Distributed Authoring and Versioning),
# on the remote server, Cela Link CLR-M20 allows unauthorized users to upload
# any file(e.g. asp, aspx, cfm, html, jhtml, jsp, shtml) which causes
# remote code execution as well.
# Due to the WebDAV, it is possible to upload the arbitrary
# file utilizing the PUT method.