[Challenge 11:] Joomla Media Manager File Upload Vulnerability

IP ADDRESS: 172.19.19.9

OPERATING SYSTEM: Windows Server 2008 R2

Tools Used:

  • NMAP
  • NIKTO
  • NESSUS
  • METASPLOIT

Methodology:

NMAP

nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY 172.19.19.9

NIKTO

Nessus

CHECK SOURCE CODE

METASPLOIT

Vulnerabilities and Recommendations:

Microsoft Windows 8 Unsupported Installation Detection - The remote operating system is no longer supported.

  • The remote host is running Microsoft Windows 8. Support for this operating system by Microsoft ended January 12th, 2016.

    • SOLUTION: Upgrade to a version of Microsoft Windows that is currently supported.

MS14-066: Vulnerability in Schannel Could Allow Remote Code Execution - The remote Windows host is affected by a remote code execution vulnerability.

  • The remote Windows host is affected by a remote code execution vulnerability due to improper processing of packets by the Secure Channel (Schannel) security package. An attacker can exploit this issue by sending specially crafted packets to a Windows server.

    • SOLUTION: Microsoft has released a set of patches for Windows 2003, Vista, 2008, 7, 2008 R2, 8, 2012, 8.1, and 2012 R2.

PHP 5.4.x < 5.4.30 Multiple Vulnerabilities - The remote web server is running a version of PHP that is affected by multiple vulnerabilities.

  • Boundary checking errors exist related to the Fileinfo extension, Composite Document Format (CDF) handling and the functions 'cdf_read_short_sector', 'cdf_check_stream_offset', 'cdf_count_chain', and 'cdf_read_property_info'. (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487)

  • A pascal string size handling error exists related to the Fileinfo extension and the function 'mconvert'. (CVE-2014-3478)

  • A type-confusion error exists related to the Standard PHP Library (SPL) extension and the function 'unserialize'. (CVE-2014-3515)

  • An error exists related to configuration scripts and temporary file handling that could allow insecure file usage. (CVE-2014-3981)

  • A heap-based buffer overflow error exists related to the function 'dns_get_record' that could allow execution of arbitrary code. (CVE-2014-4049)

  • A type-confusion error exists related to the function 'php_print_info' that could allow disclosure of sensitive information. (CVE-2014-4721)

  • An out-of-bounds read error exists in the timelib_meridian_with_check() function due to a failure to properly check string ends. A remote attacker can exploit this to cause a denial of service condition or to disclose memory contents. (VulnDB 130082)

  • An out-of-bounds read error exists in the date_parse_from_format() function due to a failure in the date parsing routines to properly check string ends. A remote attacker can exploit this to cause a denial of service condition or to disclose memory contents. (VulnDB 130083)

    • SOLUTION: Upgrade to PHP version 5.4.30 or later.

PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow - An unspecified overflow vulnerability in the function '_php_stream_scandir' in the file 'main/streams/streams.c'

  • SOLUTION: Upgrade to PHP version 5.4.5 or later.PHP 5.4.x < 5.4.30 Multiple Vulnerabilities - The remote web server is running a version of PHP that is affected by multiple vulnerabilities.

    • Boundary checking errors exist related to the Fileinfo extension, Composite Document Format (CDF) handling and the functions 'cdf_read_short_sector', 'cdf_check_stream_offset', 'cdf_count_chain', and 'cdf_read_property_info'. (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487)

    • A pascal string size handling error exists related to the Fileinfo extension and the function 'mconvert'. (CVE-2014-3478)

    • A type-confusion error exists related to the Standard PHP Library (SPL) extension and the function 'unserialize'. (CVE-2014-3515)

    • An error exists related to configuration scripts and temporary file handling that could allow insecure file usage. (CVE-2014-3981)

    • A heap-based buffer overflow error exists related to the function 'dns_get_record' that could allow execution of arbitrary code. (CVE-2014-4049)

    • A type-confusion error exists related to the function 'php_print_info' that could allow disclosure of sensitive information. (CVE-2014-4721)

    • An out-of-bounds read error exists in the timelib_meridian_with_check() function due to a failure to properly check string ends. A remote attacker can exploit this to cause a denial of service condition or to disclose memory contents. (VulnDB 130082)

    • An out-of-bounds read error exists in the date_parse_from_format() function due to a failure in the date parsing routines to properly check string ends. A remote attacker can exploit this to cause a denial of service condition or to disclose memory contents. (VulnDB 130083)

      • SOLUTION: Upgrade to PHP version 5.4.30 or later.

    PHP 5.4.x < 5.4.5 _php_stream_scandir Overflow - An unspecified overflow vulnerability in the function '_php_stream_scandir' in the file 'main/streams/streams.c'

    • SOLUTION: Upgrade to PHP version 5.4.5 or later.

results matching ""

    No results matching ""