Blogengine 3.3.6.0 Exploit
To date, this exploit has been used in:
The BlogEngine 3.3.6.0 exploit works by taking advantage of a weakness in the file upload handling mechanism. Here's a step-by-step breakdown of the exploit:
For security professionals, this exploit serves as a textbook case of . The developers assumed that obscurity of the FileManager endpoint and reliance on client-side JavaScript checks would suffice. The lessons are universal:
: Attackers can inject malicious scripts into the "Content" parameter of blog posts, which execute in the browser of any user (including admins) viewing the post.
Directory Traversal (CVE-2019-10719): A secondary traversal flaw exists in the /api/upload
[malicious code]
The vulnerability resides in the way the application handles the theme parameter within the /Custom/Controls/PostList.ascx.cs file. The software fails to properly validate this parameter, which is intended to let users override the default theme for blog pages.
SecRule REQUEST_FILENAME "\.apost$" "id:100001,deny,status:403,msg:'BlogEngine .apost Upload'"
SecRule REQUEST_BODY "TextFormattingRunProperties" "id:100002,deny,status:403"