Vulnerabilities > CVE-2011-3833 - Input Validation vulnerability in Sitracker Support Incident Tracker 3.65
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory. Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
D2sec
| name | Sitracker SIT File Upload |
| url | http://www.d2sec.com/exploits/sitracker_sit_file_upload.html |
Exploit-Db
| description | Support Incident Tracker. CVE-2011-3829,CVE-2011-3833,CVE-CVE-2011-3833. Webapps exploit for php platform |
| file | exploits/php/webapps/18108.rb |
| id | EDB-ID:18108 |
| last seen | 2016-02-02 |
| modified | 2011-11-13 |
| platform | php |
| port | |
| published | 2011-11-13 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/18108/ |
| title | Support Incident Tracker <= 3.65 - Remote Command Execution |
| type | webapps |
Metasploit
| description | This module combines two separate issues within Support Incident Tracker (<= 3.65) application to upload arbitrary data and thus execute a shell. The two issues exist in ftp_upload_file.php. The first vulnerability exposes the upload dir used to store attachments. The second vulnerability allows arbitrary file upload since there is no validation function to prevent from uploading any file type. Authentication is required to exploit both vulnerabilities. |
| id | MSF:EXPLOIT/MULTI/HTTP/SIT_FILE_UPLOAD |
| last seen | 2020-06-07 |
| modified | 2017-07-24 |
| published | 2011-11-12 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/sit_file_upload.rb |
| title | Support Incident Tracker Remote Command Execution |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/106933/sit_file_upload.rb.txt |
| id | PACKETSTORM:106933 |
| last seen | 2016-12-05 |
| published | 2011-11-13 |
| reporter | Secunia Research |
| source | https://packetstormsecurity.com/files/106933/Support-Incident-Tracker-3.65-Remote-Command-Execution.html |
| title | Support Incident Tracker 3.65 Remote Command Execution |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:72324 |
| last seen | 2017-11-19 |
| modified | 2014-07-01 |
| published | 2014-07-01 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-72324 |
| title | Support Incident Tracker <= 3.65 Remote Command Execution |
References
- http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt
- http://secunia.com/advisories/45453
- http://secunia.com/secunia_research/2011-79/
- http://www.exploit-db.com/exploits/18108
- http://www.kb.cert.org/vuls/id/576355
- http://www.osvdb.org/77003
- http://www.securityfocus.com/bid/50632
- http://www.securityfocus.com/bid/50896
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71237
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71651