In this Section

Security Advisory – Elcom CMS – Community Manager Insecure File Upload Vulnerability

pdf_symbol

Sense of Security – Security Advisory – SOS-12-008

Release Date. 24-Aug-2012
Last Update.
Vendor Notification Date. 28-Oct-2011
Product. Elcom CMS – Community Manager
Platform. ASP.NET
Affected versions. Elcom Community Manager version 7.4.10 and possibly others
Severity Rating. High
Impact. Exposure of sensitive information
  Exposure of system information
  System Access
Attack Vector. Remote with authentication
Solution Status. Fixed in version 7.5 and later (not verified by SOS)
CVE reference. CVE- Not yet assigned

 

Details.

The https://[server]/UploadStyleSheet.aspx script does not validate the file type passed in the parameter “myfile0” on the server side allowing the uploading and execution of ASPX files. An attacker can upload

an ASPX web shell and execute commands with web server user privileges.

 

Proof of Concept.

A shell uploaded using the vulnerable script can be accessed at the following location:

https://[server]/UserUploadedStyles/shell.aspx

 

Solution.

Upgrade to version 7.5 or later.

 

Discovered by.

Phil Taylor and Nadeem Salim from Sense of Security Labs.