CVE-2023-4559: Critical Unrestricted File Upload Vulnerability Found in Bettershop LaikeTui

A critical vulnerability, classified as CVE-2023-4559, has been discovered in Bettershop LaikeTui, a popular e-commerce software designed for businesses. This vulnerability affects the handling of POST requests in an unknown functionality of file index.php?module=api&action=user&m=upload and allows an attacker to remotely upload arbitrary files, potentially compromising the security of the application. Bettershop LaikeTui uses a rolling release strategy, so no specific version information is available for affected or updated releases. The vulnerability identifier is VDB-238160.

Exploit Details

The vulnerable component is the POST Request Handler, which is responsible for processing upload requests within the Bettershop LaikeTui application. This vulnerability is triggered by a malicious actor sending a specially crafted POST request to the following endpoint:

/index.php?module=api&action=user&m=upload

By exploiting the affected functionality, an attacker can bypass the security measures in place to prevent unauthorized file uploads, leading to unrestricted file uploads. This can allow the attacker to upload malicious files, such as PHP web shells, which can then be executed on the server to gain control over the system, exfiltrate sensitive data, and perform additional attacks.

Here is a simplified example of the vulnerable POST request handler

// index.php

// ...

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_GET['module']) && $_GET['module'] === 'api' && isset($_GET['action']) && $_GET['action'] === 'user' && isset($_GET['m']) && $_GET['m'] === 'upload') {
    $uploadedFile = $_FILES['file']; // User-supplied file
    
    // Missing security checks to validate uploaded file type and content
    
    move_uploaded_file($uploadedFile['tmp_name'], 'uploads/' . $uploadedFile['name']);
    
    // ...
}

As seen in the code snippet above, the application is missing crucial security checks to validate the uploaded file type and content, leading to unrestricted file uploads.

Original References

- Vulnerability Details: https://www.vulnerability-lab.com/get_content.php?id=238160

Mitigation

To protect against this vulnerability, it is crucial to apply proper input validation and security checks to ensure that only authorized and expected file types are allowed to be uploaded. This includes validating the file type, MIME type, and file extension, as well as validating its content for any malicious payloads.

Furthermore, as Bettershop LaikeTui uses a rolling release strategy, it is essential to keep the application updated to ensure that the latest security fixes are in place to protect against newly discovered vulnerabilities.

In conclusion, CVE-2023-4559 poses a critical threat to the security of Bettershop LaikeTui installations, allowing attackers to remotely upload arbitrary files and potentially take control over the system. Proper mitigation techniques must be implemented to protect against this vulnerability and ensure that e-commerce businesses remain secure.

Timeline

Published on: 08/27/2023 23:15:00 UTC
Last modified on: 08/29/2023 18:16:00 UTC