By kannthu
The "rConfig 3.9.5 - Arbitrary File Upload" module is designed to detect a vulnerability in the rConfig software version 3.9.5. This vulnerability allows an attacker to upload arbitrary files through the userprocess.php endpoint. The severity of this vulnerability is classified as high, with a CVSS score of 8.8.
This module was authored by dwisiswant0.
If successfully exploited, this vulnerability can have serious consequences. An attacker can execute malware, obtain sensitive information, and modify data on the affected system.
The module sends a POST request to the "/lib/crud/userprocess.php" endpoint of the rConfig software. The request includes various form data parameters, such as "username," "password," and "email." The module then checks for two matching conditions:
If both conditions are met, the module reports a vulnerability.
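For defenders, the request described above leaves a recognisable trace in web server access logs. The following is an added example, not part of the module or of rConfig: it flags POST requests to the endpoint named on this page, assuming Apache/nginx "combined" log format and using constructed sample log lines (the `/lib/crud/other.php` path is hypothetical).

```python
import re
from collections import Counter
from posixpath import normpath
from urllib.parse import unquote

# Endpoint named on this page; everything else here is an assumption of the example.
TARGET = "/lib/crud/userprocess.php"

# Assumed log format: Apache/nginx "combined".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def canonical_path(target):
    """Drop the query string, percent-decode, and collapse '//' and '/./' segments."""
    raw = target.split("?", 1)[0]
    path = re.sub(r"/{2,}", "/", unquote(raw))
    return normpath(path)

def find_upload_probes(lines):
    """Return (hits, per_ip) for POST requests whose normalised path is TARGET."""
    hits, per_ip = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or canonical_path(m["target"]) != TARGET:
            continue
        hits.append({"ip": m["ip"], "time": m["ts"],
                     "status": int(m["status"]), "raw_target": m["target"]})
        per_ip[m["ip"]] += 1
    return hits, per_ip

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /login.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "POST /lib/crud/userprocess.php HTTP/1.1" 302 0 "-" "curl/8.0"',
    '198.51.100.9 - - [12/Mar/2024:10:02:11 +0000] "POST //lib/./crud/%75serprocess.php?x=1 HTTP/1.1" 302 0 "-" "python-requests/2.31"',
    '192.0.2.44 - - [12/Mar/2024:10:03:00 +0000] "GET /lib/crud/userprocess.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2024:10:03:09 +0000] "POST /lib/crud/other.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits, per_ip = find_upload_probes(SAMPLE_LOG)
    for h in hits:
        print(h["time"], h["ip"], h["status"], h["raw_target"])
    print(dict(per_ip))
```

The hits are a triage list rather than proof of exploitation: each one still needs to be checked against who is expected to reach this endpoint and whether new files appeared on the host at that time.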