Two years ago, Progress released a security advisory about a cryptographic weakness issue in Telerik UI for ASP.NET AJAX components that can result in an arbitrary file upload, allowing unauthenticated attackers to compromise vulnerable websites via uploading a webshell. CMSes that use the component, such as DotNetNuke, Sitefinity, are also affected.
While the issue is already 2 years old, and there is no doubt that most of you already knew about it (a detailed analysis, or an automated tool to exploit the issue can be found easily on the internet), it’s still one of most interesting vulnerabilities I’ve found so far.
If even a silly love story has a place on my personal blog, then why isn’t this one?
The Text Editor component of Telerik UI for ASP.NET AJAX has a built-in File Manager feature that allows users to upload files (images, documents, …) and then insert them into their posts.