all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CrushFTP Remote Code Execution

Add to bookmarks
April 15, 2024, 4:35 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session properties by sending an HTTP request with specially crafted Header key-value pairs. This enables an unauthenticated attacker to access files anywhere on the server file system and steal the session cookies of valid authenticated users. The attack consists in hijacking a user's session and …

access attacker attributes code code execution crushftp cve exploit files header http key metasploit modification object remote code remote code execution request session unauthenticated value vulnerability

Visit resource

More from packetstormsecurity.com / Packet Storm

Windows PspBuildCreateProcessContext Double-Fetch / Buffer Overflow 7 hours ago | packetstormsecurity.com
buffer buffer overflow code concept +11
Windows NtQueryInformationThread Double-Fetch / Arbitrary Write 7 hours ago | packetstormsecurity.com
code concept escalation fetch +7
undefinedExploiting The NT Kernel In 24H2undefined 7 hours ago | packetstormsecurity.com
blog bugs code escalation +8
osCommerce 4 Cross Site Scripting 7 hours ago | packetstormsecurity.com
cross site scripting discovery november scripting +2
Ubuntu Security Notice USN-6758-1 7 hours ago | packetstormsecurity.com
access attacker denial of service issue +13
Ubuntu Security Notice USN-6761-1 7 hours ago | packetstormsecurity.com
accounts attacker changing credentials +10
Ubuntu Security Notice USN-6759-1 7 hours ago | packetstormsecurity.com
attacker crash denial of service issue +10
Ubuntu Security Notice USN-6757-1 7 hours ago | packetstormsecurity.com
arbitrary code attacker code cookies +12
Red Hat Security Advisory 2024-2528-03 7 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +4

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Emergency Management Invoice Compliance Reviewer

@ AC Disaster Consulting | Denver, Colorado, United States - Remote
View on infosec-jobs.com

Threat Intelligence Librarian

@ Microsoft | Cheltenham, Gloucestershire, United Kingdom
View on infosec-jobs.com

Cyber Content Operations Manager - Remote in UK

@ Immersive Labs | United Kingdom
View on infosec-jobs.com

(Junior) Security Engineer (m/w/d)

@ CHECK24 | Berlin, Germany
View on infosec-jobs.com

Cyber Security

@ Necurity Solutions | Bengaluru, Karnataka, India
View on infosec-jobs.com
View more jobs