securityvulns SECURITYVULNS:DOC:28870
Dec 18, 2012 - 12:00 a.m.

TinyBrowser Upload Shell Vulnerability

vulners.com

Hello guys!

I'll draw your attention to one exploit at 1337day.com (and their other
domains): http://1337day.com/exploit/19732. I already wrote to 1337day.com
about it on 19.11.2012. So it should concern every list that posted that
exploit from 1337day.com.

This is an AFU vulnerability in the TinyBrowser plugin for TinyMCE, which
allows uploading scripts to the site using a double extensions attack.

At 1337day.com this exploit was posted on 14.11.2012 and it concerns version
TinyBrowser 1.32. But I already disclosed this vulnerability a long time
ago.

First, already on 09.09.2009 I disclosed an Arbitrary File Upload
vulnerability in TinyBrowser (http://websecurity.com.ua/3486/,
http://securityvulns.ru/Wdocument451.html), which allows php-scripts to be
uploaded directly in TinyBrowser 1.33.

Second, this is a duplicate of a vulnerability in TinyBrowser, which I
already disclosed on 14.07.2011 (http://websecurity.com.ua/4922/,
http://securityvulns.ru/docs26660.html,
http://seclists.org/fulldisclosure/2011/Jul/209). In my advisory I
disclosed three attacks on TinyBrowser - two for IIS and one for Apache (the
attack via double extensions, mentioned in this exploit) for TinyBrowser
v1.42. After being informed by me, the developer fixed them in version 1.43.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua