U4-5901 - Remote Code Execution

Created by nikhil 27 Nov 2014, 12:52:08 Updated by Sebastiaan Janssen 27 Aug 2018, 04:32:24

In this vulnerability, this is pre-assumed that the umbraco web application is hosted on shared server, which user's normally does. So this vulnerability is gonna be critical one. I have tested it one of my client application which is using umbraco.

What did you do?

  1. logged in to umbraco application.
  2. Upload a PHP file which contains malicious code(a shell script).
  3. Access the PHP file, the code will gets executed.

What did you expect to happen? the file should not be uploaded What actually happened? The file gets uploaded and code got executed.

proof of concept: I have attached an image of shell code executed on umbraco (one of my clients premises)

Comments

Sebastiaan Janssen 27 Nov 2014, 13:18:47

Doesn't this also presume PHP is installed in IIS and accessible through the Umbraco installation?


Sebastiaan Janssen 27 Nov 2014, 13:20:47

Adding php to the list of disallowed files would help, correct?


nikhil 27 Nov 2014, 13:28:27

yes, both the conditions could be in list of pre-assumption. Obviously disallowing php files will eliminate this issue.


Sebastiaan Janssen 27 Nov 2014, 13:32:22

Added in revision cad06502235acabf7fb7dca779d2f78f08547e39


Priority: Normal

Type: Bug

State: Fixed

Assignee:

Difficulty: Normal

Category: Security

Backwards Compatible: True

Fix Submitted:

Affected versions: 7.1.9

Due in version: 7.2.0

Sprint:

Story Points:

Cycle: