We have moved to GitHub Issues
Created by nikhil 27 Nov 2014, 12:52:08 Updated by Sebastiaan Janssen 27 Aug 2018, 04:32:24
In this vulnerability, this is pre-assumed that the umbraco web application is hosted on shared server, which user's normally does. So this vulnerability is gonna be critical one. I have tested it one of my client application which is using umbraco.
What did you do?
What did you expect to happen? the file should not be uploaded What actually happened? The file gets uploaded and code got executed.
proof of concept: I have attached an image of shell code executed on umbraco (one of my clients premises)
Doesn't this also presume PHP is installed in IIS and accessible through the Umbraco installation?
Adding php to the list of disallowed files would help, correct?
yes, both the conditions could be in list of pre-assumption. Obviously disallowing php files will eliminate this issue.
Added in revision cad06502235acabf7fb7dca779d2f78f08547e39
Backwards Compatible: True
Affected versions: 7.1.9
Due in version: 7.2.0