Unrestricted Upload of File with Dangerous Type leads to destroying the company's reputation in kiwitcms/kiwi
Nov 23rd 2022
In the upload function I found that the function accepts a lot of file types, and this is very dangerous because a malicious user may upload an HTML file containing any information, like "go to another site", or a message destroying the company's reputation, like "this site has been hacked by hacker".
Proof of Concept
// PoC.js https://1drv.ms/v/s!AjTDEH9wRz1ugRBX4iqo_Hl0_-C0?e=MEVvSv
Upload an HTML file containing a message from any user. The real risk is that the file can be accessed by any unauthenticated user, who will see the file normally, as a normal page of the site.
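A server-side check for the behaviour reported above, as an added example that is not part of the original report and not Kiwi TCMS's own fix: it rejects uploads a browser would render and builds response headers that force a download instead of an inline page. The blocked-extension set, the marker list and the function names are assumptions made for this sketch.

```python
import os
import re

# Assumed policy for this example: types a browser renders or a desktop executes.
BLOCKED_EXTENSIONS = {".html", ".htm", ".xhtml", ".shtml", ".svg", ".xml",
                      ".js", ".exe", ".bat", ".cmd", ".msi", ".scr"}
# Byte patterns that make a browser treat a response as markup when it sniffs.
MARKUP_MARKERS = (b"<!doctype html", b"<html", b"<script", b"<iframe", b"<svg")


def _clean_name(filename):
    """Drop any client-supplied path and trailing dots/spaces."""
    name = os.path.basename(filename.replace("\\", "/"))
    return name.strip().rstrip(". ")


def classify_upload(filename, head):
    """Return (accepted, reason) for an upload, given its name and first bytes."""
    ext = os.path.splitext(_clean_name(filename).lower())[1]
    if ext in BLOCKED_EXTENSIONS:
        return False, "extension"
    # A renamed HTML file is still HTML: look at the content, not only the name.
    sniffed = head[:1024].lower()
    if any(marker in sniffed for marker in MARKUP_MARKERS):
        return False, "content"
    return True, "ok"


def safe_download_headers(filename):
    """Headers that make a stored file download instead of rendering as a page."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", _clean_name(filename)) or "download"
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


if __name__ == "__main__":
    # Constructed sample uploads, not taken from the report.
    samples = [("defaced.html", b"<html><body>constructed</body></html>"),
               ("notes.txt", b"  <HTML><script>constructed</script>"),
               ("results.txt", b"plain test log\n")]
    for name, data in samples:
        print(name, classify_upload(name, data), safe_download_headers(name))
```

Where the set of legitimate attachment types is known, an allowlist of those types is stricter than the blocklist used here.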
This is the right PoC video link
@admin Any update?
@admin Any updates?
Answered in other reports
Marking as a valid report, will be announced via our own channel soon: https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-fwcf-753v-fgcj
From my understanding an unpatched version of Kiwi TCMS can still be used to spread around malicious files, e.g. executables but now it's easier to affect the computer of another user, instead of the Kiwi TCMS installation itself.
Will update when a fix is available.
Can you assign a CVE?