Pluck CMS Upload Bug Allows PHP Execution via .htaccess


A vulnerability in Pluck CMS's file upload facility allows PHP to be executed on the server. It stems from how files uploaded through the administrator's file manager are processed.

A user with access to the administrator module can upload any type of file through the upload mechanism by changing its content type to an accepted format (for example, an image type such as .jpg or .png). Once the upload succeeds, the attacker can alter how Apache handles the files in that directory. This is done by adding an Apache configuration entry (a .htaccess file) that covers the intended image file. The most common approach is to give the file a name ending in "jpg" and configure the server to treat it as a PHP script.

No sophisticated technique is required: the attacker only needs access to Pluck CMS's administrator module and relies on the absence of server-side validation. When a web application is compromised this way, the attacker can gain full administrator access to the application, reach confidential data, and place a backdoor on the compromised server.

To minimize risk, uploading .htaccess files should be disallowed completely. Folders that hold user-uploaded images should not be allowed to execute scripts, and server-side validation of uploads should go beyond checking for supported MIME types. If you permit users to upload files in your CMS, treat that feature as one of the highest-risk parts of the attack surface.
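
One way to implement the server-side checks recommended above, as an added example (not Pluck's code and not from the original post). The function name `store_image_upload` and the `ALLOWED_IMAGES` allowlist are hypothetical, and PHP's bundled fileinfo extension is assumed to be enabled.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist (not Pluck's): extension => MIME type accepted for it.
const ALLOWED_IMAGES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Validate one single-file entry of $_FILES and move it into $uploadDir.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_image_upload(array $file, string $uploadDir): string
{
    // For multi-file form fields 'error' is an array, so this rejects them too.
    if (($file['error'] ?? null) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }

    // Client-supplied name: strip any path, then refuse dotfiles such as
    // .htaccess and anything that is not exactly "name.ext".
    $name = basename($file['name']);
    if ($name === '' || $name[0] === '.' || substr_count($name, '.') !== 1) {
        throw new RuntimeException('file name not allowed');
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGES[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // Ignore $file['type'] (sent by the client); sniff the content instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_IMAGES[$ext] || @getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('content is not the declared image type');
    }

    // Store under a server-generated name so the client controls no part of it.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($uploadDir, '/') . '/' . $stored)) {
        throw new RuntimeException('could not store file');
    }
    return $stored;
}
```

Content sniffing does not catch a valid image that also carries embedded PHP, so this check complements, rather than replaces, preventing script execution in the upload folder.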

Proof of Concept (PoC):
Steps to reproduce the vulnerability:
1. Log in to the Pluck Admin Panel
2. Navigate to Image Management
3. Upload a file named .htaccess, presenting it as an image with a bogus MIME type. Then use a .jpg file containing PHP to execute code.

Sample content for the .htaccess file:
AddType application/x-httpd-php .jpg

Other Approaches (Redirect Abuse):
RewriteEngine On
RewriteRule .* http://[YOUR-DOMAIN]/ [R,L]

Source: Exploit DB

© 2016 - 2025 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067