[CVE-2022–32061] Snipe-IT Version v6.0.2 — Malicious File Upload

GrimTheRipper
May 27, 2022

--

Description

# An Issue is discoverd in Snipe-IT Version v6.0.2.

# This exploit allow you to upload malicious files on server.

# We found malicious file upload when we upload file at the People menu.

Payload Attack

Proof of Concept

First, we login to the target application with admin privileges.

Then select People Menu and select User.

after that click Upload.

select malicious files to upload.

then select File Uploads Tab it will show malicious files

if someone try to download and open it the payload will be excuted.

We found the XSS!

Author

Grim The Ripper Team by SOSECURE Thailand

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

--

--

GrimTheRipper
GrimTheRipper

Written by GrimTheRipper

You get the best out of others when you give the best of yourself

No responses yet

Write a response