OF-1021: Admin Console Arbitrary File Upload Vulnerability
Project: Openfire (parent issue: OF-1251 Admin Console Security)

    Details

      Description

hyp3rlinx reported that Openfire v3.10.2 suffers from an arbitrary file upload vulnerability.

Full details: https://packetstormsecurity.com/files/133561/Openfire-3.10.2-Arbitrary-File-Upload.html

Vulnerability Details:
The application specifies that Plugin files (.jar) can be uploaded directly by using the form; however, so can the following:

• .exe
• .php
• .jsp
• .py
• .sh

Exploit code(s):

1. Choose some malicious file using the File browser
2. Click 'upload plugin'
   http://localhost:9090/plugin-admin.jsp
   Our malicious uploaded files will be stored under the '/openfire/plugins' directory.
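The defect described above is a missing server-side check on the plugin upload: the form accepts any file and writes it into the plugins directory under its submitted name. The following is an added illustration (not Openfire's own code and not the fix that was committed for this issue) of the two checks a maintainer would want before the file is saved: the submitted name must be a plain .jar filename with no path components, and the bytes must actually be a zip archive carrying a plugin descriptor. The descriptor name plugin.xml at the archive root and the class name PluginUploadValidator are assumptions made for this example; the sample inputs in main are constructed in a temporary directory.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Enumeration;
import java.util.Locale;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;

// Added example: validates an uploaded plugin before it is written to the plugins directory.
// Not Openfire's code; the descriptor name "plugin.xml" is an assumption for this illustration.
public final class PluginUploadValidator {

    // Name check: a plain ".jar" filename, nothing that could steer the write elsewhere.
    public static boolean hasAcceptableName(String submittedName) {
        if (submittedName == null) {
            return false;
        }
        String name = submittedName.trim();
        if (name.isEmpty() || name.contains("/") || name.contains("\\") || name.contains("..")) {
            return false;
        }
        // Require something before the extension, so ".jar" alone is rejected.
        return name.length() > 4 && name.toLowerCase(Locale.ROOT).endsWith(".jar");
    }

    // Content check: the extension alone proves nothing, so open the bytes as a zip and
    // require the plugin descriptor at the root. A renamed script or executable fails here.
    public static boolean looksLikePluginJar(Path file) {
        try (ZipFile zip = new ZipFile(file.toFile())) {
            ZipEntry descriptor = zip.getEntry("plugin.xml"); // assumed descriptor name
            if (descriptor == null || descriptor.isDirectory()) {
                return false;
            }
            // Refuse archives whose entries would land outside the extraction directory.
            Enumeration<? extends ZipEntry> entries = zip.entries();
            while (entries.hasMoreElements()) {
                String entryName = entries.nextElement().getName();
                if (entryName.startsWith("/") || entryName.contains("..")) {
                    return false;
                }
            }
            return true;
        } catch (IOException e) {
            return false; // not a readable zip archive at all
        }
    }

    // Both checks must pass before the upload handler copies the file into the plugins directory.
    public static boolean accept(String submittedName, Path uploadedTempFile) {
        return hasAcceptableName(submittedName) && looksLikePluginJar(uploadedTempFile);
    }

    // Demonstration on constructed inputs: a minimal plugin jar and a PHP script.
    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("plugin-upload-demo");

        Path goodJar = dir.resolve("good.jar");
        try (ZipOutputStream zos = new ZipOutputStream(Files.newOutputStream(goodJar))) {
            zos.putNextEntry(new ZipEntry("plugin.xml"));
            zos.write("<plugin><name>demo</name></plugin>".getBytes(StandardCharsets.UTF_8));
            zos.closeEntry();
        }

        Path script = dir.resolve("shell.php");
        Files.write(script, "<?php echo 'constructed sample'; ?>".getBytes(StandardCharsets.UTF_8));

        System.out.println("good.jar as good.jar  -> " + accept("good.jar", goodJar));
        System.out.println("shell.php as shell.php -> " + accept("shell.php", script));
        System.out.println("shell.php as shell.jar -> " + accept("shell.jar", script));
    }
}
```

The second rejection is the one that matters for this issue: renaming a script to .jar defeats an extension-only filter, but it cannot pass the content check because the bytes are not a zip archive with a descriptor. Running the name check against the submitted filename rather than a server-chosen one also closes the path-traversal variant of the same bug.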

People

• Assignee: Guus der Kinderen (guus)
• Reporter: Tim Durden (timd)
• Votes: 1
• Watchers: 6