[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] TinyBrowser Upload Shell Vulnerability
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>, <submissions@xxxxxxxxxxxxxxxxxxxxxxx>, <vuln@xxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] TinyBrowser Upload Shell Vulnerability
- From: "MustLive" <mustlive@xxxxxxxxxxxxxxxxxx>
- Date: Fri, 14 Dec 2012 23:50:30 +0200
Hello guys!
I'll draw your attention to one exploit at 1337day.com (and other their
domains): http://1337day.com/exploit/19732. I've wrote to 1337day.com about
it already at 19.11.2012. So it should concern every list, which posted that
exploit from 1337day.com.
This is AFU vulnerability in TinyBrowser plugin for TinyMCE, which allows to
upload scripts to the site with using of double extensions attack.
At 1337day.com this exploit posted at 14.11.2012 and it concerns version
TinyBrowser 1.32. But long time ago I've already disclosed this
vulnerability.
First, already at 09.09.2009 I've disclosed Arbitrary File Upload
vulnerability in TinyBrowser (http://websecurity.com.ua/3486/,
http://securityvulns.ru/Wdocument451.html), which allows in TinyBrowser 1.33
to upload php-scripts directly.
Second, this is duplicate of a vulnerability in TinyBrowser, which I've
disclosed already at 14.07.2011 (http://websecurity.com.ua/4922/,
http://securityvulns.ru/docs26660.html,
http://seclists.org/fulldisclosure/2011/Jul/209). In my advisory I've
disclosed three attacks on TinyBrowser - two for IIS and one for Apache (the
attack via double extensions, mentioned in this exploit) for TinyBrowser
v1.42. After my informing, the developer fixed them in version 1.43.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/