Dotclear 2.7.3 Upload File Issue

I was messing around with an open-source CMS yesterday and notice a possible security issue with the default installation of Dotclear version 2.7.3. Checking the CVE database (CVE-2014-3782),  I found that this issue has already been raised a while back. Appears that is it not fixed entirely as it turns out that the Media Manager in a default install of Dotclear 2.7.3 only blocks .php files (a setting in config) from being uploaded. I attempt to upload .php5 webshell, .html (with XSS) and .exe and succeeded.

The default installation should have configs that block some potentially “more harmful” extensions such as .exe, .html, .shtml, .php5 etc.

Some screenshots:

media

media4

media2

media3

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s