rConfig 3.9.5 - Arbitrary File Upload

What is the "rConfig 3.9.5 - Arbitrary File Upload?" module?

The "rConfig 3.9.5 - Arbitrary File Upload" module is designed to detect a vulnerability in the rConfig software version 3.9.5. This vulnerability allows an attacker to upload arbitrary files through the userprocess.php endpoint. The severity of this vulnerability is classified as high, with a CVSS score of 8.8.

This module was authored by dwisiswant0.

Impact

If successfully exploited, this vulnerability can have serious consequences. An attacker can execute malware, obtain sensitive information, and modify data on the affected system.

How does the module work?

The module sends a POST request to the "/lib/crud/userprocess.php" endpoint of the rConfig software. The request includes various form data parameters, such as "username," "password," and "email." The module then checks for two matching conditions:

- The response body should contain the phrase "User [random string] successfully added to Database." This indicates that the arbitrary file upload was successful. - The response status code should be 302, indicating a redirect. This is another confirmation that the upload was successful.

If both conditions are met, the module reports a vulnerability.