Home page logo

fulldisclosure logo Full Disclosure mailing list archives

IA and AFU vulnerabilities in aCMS
From: "MustLive" <mustlive () websecurity com ua>
Date: Tue, 4 Jun 2013 23:56:37 +0300

Hello list!

These are Insufficient Authorization and Arbitrary File Uploading
vulnerabilities in aCMS. This is commercial CMS. There are multiple
vulnerabilities in aCMS and it's the second part of them.

Affected products:

Vulnerable are aCMS 1.0 and previous versions.

Affected vendors:



Insufficient Authorization (WASC-02):

There is no restriction on accessing file manager and image manager. Which
is not default behavior (developer of MCFileManager and MCImageManager
states, that by default these web applications require authorization) and is
made by developers of aCMS.



Arbitrary File Uploading (WASC-31):

Plugins MCFileManager and MCImageManager for TinyMCE, which are using in the
system, are vulnerable to execution of arbitrary code through bypass of
programs' security filters (on IIS and Apache web servers).



Code will execute via file uploading. The first program is vulnerable to
three methods of code execution: via using of symbol ";" (1.asp;.txt) in
file name (IIS). via "1.asp" in folder name (IIS), via double extension
(1.php.txt) (Apache with special configuration). And the second program is
vulnerable to two methods of code execution (#1 and #3).

2013.03.04 - informed developers about part of the vulnerabilities.
2013.04.03 - informed developers about another part of the vulnerabilities.
2013.04.06 - announced at my site.
2013.04.07 - informed developers about another part of the vulnerabilities.
2013.05.25 - informed developers about another part of the vulnerabilities.
In all cases the developers just ignored all messages via different e-mails
and contact form.
2013.06.04 - disclosed at my site (http://websecurity.com.ua/6428/).

Best wishes & regards,
Administrator of Websecurity web site

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • IA and AFU vulnerabilities in aCMS MustLive (Jun 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]