Full Disclosure mailing list archives
TinyBrowser Upload Shell Vulnerability
From: "MustLive" <mustlive () websecurity com ua>
Date: Fri, 14 Dec 2012 23:50:30 +0200
Hello guys!

I'll draw your attention to one exploit at 1337day.com (and their other domains): http://1337day.com/exploit/19732. I wrote to 1337day.com about it already on 19.11.2012. So it should concern every list that posted that exploit from 1337day.com.

This is an AFU vulnerability in the TinyBrowser plugin for TinyMCE, which allows uploading scripts to the site using a double extensions attack. At 1337day.com this exploit was posted on 14.11.2012 and it concerns version TinyBrowser 1.32. But a long time ago I already disclosed this vulnerability.

First, already on 09.09.2009 I disclosed an Arbitrary File Upload vulnerability in TinyBrowser (http://websecurity.com.ua/3486/, http://securityvulns.ru/Wdocument451.html), which allows uploading php-scripts directly in TinyBrowser 1.33.

Second, this is a duplicate of a vulnerability in TinyBrowser, which I disclosed already on 14.07.2011 (http://websecurity.com.ua/4922/, http://securityvulns.ru/docs26660.html, http://seclists.org/fulldisclosure/2011/Jul/209). In my advisory I disclosed three attacks on TinyBrowser - two for IIS and one for Apache (the attack via double extensions, mentioned in this exploit) for TinyBrowser v1.42. After my notification, the developer fixed them in version 1.43.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
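Added example, not part of the original message and not TinyBrowser's code: a server-side filename check for the double-extension upload case the message describes, followed by renaming to a server-generated name. The function names and both extension lists are assumptions chosen for illustration.

```python
import re
import secrets

# Assumed policy values for illustration; match them to your own server config.
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif"}
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar",
               "pl", "cgi", "py", "asp", "aspx", "jsp"}


def check_upload_name(filename, allowed=ALLOWED_EXTS):
    """Validate a client-supplied name; return (ok, reason)."""
    base = re.split(r"[\\/]", filename)[-1]  # drop any client-sent path
    if not base or "\x00" in base or base.startswith("."):
        return False, "empty, hidden or NUL-containing name"
    stem, *exts = base.lower().split(".")
    if not exts:
        return False, "no extension"
    if exts[-1] not in allowed:
        return False, "final extension %r not allowed" % exts[-1]
    # The double-extension case: a script extension anywhere before the
    # final one (shell.php.jpg) may still select a script handler.
    hidden = [e for e in exts[:-1] if e in SCRIPT_EXTS]
    if hidden:
        return False, "script extension in name: " + ", ".join(hidden)
    return True, "ok"


def stored_name(filename, allowed=ALLOWED_EXTS):
    """Return a server-generated name, or None if the upload is rejected."""
    ok, _ = check_upload_name(filename, allowed)
    if not ok:
        return None
    ext = filename.lower().rsplit(".", 1)[-1]
    # Random stem plus exactly one vetted extension: nothing the client
    # typed survives into the path the web server later resolves.
    return "%s.%s" % (secrets.token_hex(16), ext)


if __name__ == "__main__":
    # Constructed sample names, not taken from the advisory.
    for name in ["photo.jpg", "shell.php.jpg", "shell.php", "a.phtml.png",
                 "report.v2.png", "x.php.", "..\\up\\pic.PNG"]:
        print("%-16s %s -> %s" % (name, check_upload_name(name), stored_name(name)))
```

The block list only catches extensions it knows about; the rename in stored_name is what removes the dependency on that list.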