Luftguitar CMS Arbitrary File Upload

By kannthu

High
Vidoc Module
#luftguitar #edb
Description

Luftguitar CMS Arbitrary File Upload

What is "Luftguitar CMS Arbitrary File Upload"?

The "Luftguitar CMS Arbitrary File Upload" module is a vulnerability detection module that targets the Luftguitar CMS software. It is designed to identify a specific vulnerability in the CMS that allows arbitrary file uploads. This vulnerability has a high severity level, indicating the potential for significant damage if exploited.

Impact

If successfully exploited, the "Luftguitar CMS Arbitrary File Upload" vulnerability can allow an attacker to upload and execute arbitrary files on the target system. This can lead to unauthorized access, data breaches, and potential compromise of the entire CMS and associated resources.

How does the module work?

The module works by sending an HTTP GET request to the target system's "/ftb.imagegallery.aspx" endpoint. It then applies matching conditions to determine whether the vulnerability is present: the response body must contain one of the expected HTML title tags ("<title>Insert Image</title>" or a second title that the module preview shows only in truncated form, "<title>Imag..."), and the HTTP status code must be 200.

By detecting the presence of these conditions, the module can identify instances of the "Luftguitar CMS Arbitrary File Upload" vulnerability and report them for further investigation and remediation.
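The matching logic described above can be checked offline against recorded responses. The following is an added example, not Vidoc's own code: the Response class, the function names and the sample responses are constructed for illustration, and only the title that is fully visible on this page is used.

```python
from dataclasses import dataclass

PROBE_PATH = "/ftb.imagegallery.aspx"
# Only the title fully visible in the module preview is listed; the second
# one is truncated on the page ("<title>Imag...") and is left out, not guessed.
TITLE_WORDS = ["<title>Insert Image</title>"]
EXPECTED_STATUS = 200


@dataclass
class Response:
    status: int
    body: str


def evaluate(resp):
    """Apply the module's conditions: (any title word) AND (status == 200).

    Returns (matched, reasons); reasons lists every condition that failed.
    """
    reasons = []
    if not any(word in resp.body for word in TITLE_WORDS):
        reasons.append("no gallery title in body")
    if resp.status != EXPECTED_STATUS:
        reasons.append(f"status {resp.status} is not {EXPECTED_STATUS}")
    return (not reasons, reasons)


# Constructed responses to PROBE_PATH, as a scanner might have recorded them.
SAMPLES = {
    "gallery_exposed": Response(200, "<html><head><title>Insert Image</title></head></html>"),
    "soft_404": Response(200, "<html><head><title>Page not found</title></head></html>"),
    "title_but_error": Response(500, "<title>Insert Image</title> Server Error"),
    "removed": Response(404, "<title>404</title>"),
}


def triage(samples):
    """Map each sample name to True when both conditions hold."""
    return {name: evaluate(resp)[0] for name, resp in samples.items()}


if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        matched, reasons = evaluate(resp)
        print(f"{name}: {'MATCH' if matched else 'no match'} {reasons}")
```

Requiring both conditions keeps a soft 404 (status 200, unrelated title) and an error page that happens to contain the title from being reported.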

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /ftb.imagegallery.as...
Matching conditions
word: <title>Insert Image</title>, <title>Imag... and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability