[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Prestashop < v1.4.9.0 - Blockstore module : Arbitrary file upload

Author
leviathan
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-19282
Category
web applications
Date add
29-08-2012
Platform
php
# Exploit Title: Prestashop < v1.4.9.0 - Blockstore module : Arbitrary file upload
# Date: 2012-08-29
# Author: leviathan
# Vendor or Software Link: http://www.prestashop.com
# Version: < 1.4.9.0 
# Category:: webapps
# Google dork: 
# Tested on: Prestashop 1.4.8.2 / Prestashop 1.5.0.13
# Demo site: 

-----
Description :

Arbitrary file upload

-----
Issue :

- create an image
- open it with text editor and add PHP code (must have a valid image mimetype after PHP injection)
- save with php extension
- go to admin panel and blockstore module configuration
- upload image
- call http://localhost/prestashop/modules/blockstore/[your filename].php

-----
Credential required :

- admin panel access with blockstore module configuration allowed

-----
Affected version :

Prestashop < 1.4.9.0
Prestashop < 1.5.0.15 (1.5 RC2) (< r16722)

-----
Solution :

update to 1.4.9.0 or 1.5.0.15

-----
Report timeline :

2012-08-02 - Found the security issue
2012-08-03 - Vendor notified
2012-08-03 - Vendor response
2012-08-06 - Fix issue on SVN (r16720 and r16722)
2012-08-24 - New release (1.4.9) with fix
2012-08-29 - Public disclosure



#  0day.today [2024-12-24]  #