File Upload Bypass Leads to Remote Code Execution (RCE) in cockpit-hq/cockpit
Aug 5th 2023
Vulnerable file upload functionality that users can upload files. Although almost all files with extensions like php, phtml, etc. have been prevented, an attacker can still upload phps files and remote code execute .
The Apache server which is hosting the web application need to have the ability to execute the phps file
Proof of Concept
- Link PoC: https://docs.google.com/document/d/1v-o_Uoqqwz6x8Wt9UDUHA0Q1aqakCexcvnwLl4rKdQ4/edit?usp=sharing
- Link video PoC: https://photos.app.goo.gl/zAySJVVHWo8fkXzY9
An attacker could use this vulnerability to get code execution on the victim machine