Exploits / Vulnerability Discovered : 2018-03-30 |
Type : webapps |
Platform : php
This exploit / vulnerability Joomla! component acysms 3.5.0 csv macro injection is for educational purposes only and if it is used you will do on your own risk!
AcySMS is a component which enables you to send follow-up campaigns,
auto-responders, newsletters, promotions, special offers, automated
messages... via SMS/Text Messages.
2. Technical Description:
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in
the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla!
via a value that is mishandled in a CSV export.
3. Proof Of Concept:
Login as low privileged user who is having access to AcySMS Component.
Rename user name as @SUM(1+1)*cmd|' /C calc'!A0.
When high privileged user logged in and exported user data then the CSV
Formula gets executed and calculator will get popped in his machine.
4. Solution:
Upgrade to version 3.5.1
https://extensions.joomla.org/extensions/extension/communication/phone-a-sms/acysms/