Hands-on: Arbitrary File Upload Vulnerability in the Chanjet CRM Background Attachment Feature


Vulnerability description

There is an arbitrary file upload vulnerability in the attachment feature of the Chanjet CRM back end. Combined with a parsing vulnerability, the uploaded file's extension does not need to be renamed, which allows an attacker to gain control of the website.

Vulnerability impact

Chanjet CRM

Vulnerability reproduction

Login page

Log in to the back end with a weak password

Some accounts have empty passwords; login succeeds with admin and an empty password

New customer

After logging in, add a new customer with the name test123456

Click the edit action and upload a one-line webshell as an attachment named 12345678

Click the attachment file to jump to the path of the uploaded file

Connect with AntSword and obtain access to the server

Remediation advice

Chanjet has urgently released a patch that fixes this vulnerability. CNVD advises affected organizations and users to upgrade to the latest version immediately:  
[https://www.chanjetvip.com/product/goods](https://www.chanjetvip.com/product/goods)  
At the same time, affected organizations and users should immediately carry out the following self-check and remediation steps:  
1. User self-check steps:  
Check whether the files website/bin/load.aspx.cdcab7d2.compiled, website/bin/App_Web_load.aspx.cdcab7d2.dll or tplus/Load.aspx exist locally. If they do, the system has already been compromised: reinstall the system, then install the product and apply the patch.  
  
2. Users who are not compromised:  
  
Install the latest product patch.  
Install antivirus software and keep its signature database up to date.  
Upgrade older versions of IIS and Nginx to IIS 10.0 and Windows 2016.  
On-premises customers should confirm as soon as possible that their backup files are complete and that an off-site backup exists. Cloud customers should enable the snapshot (mirror) feature promptly.  
Users who cannot apply the patch in time can contact Chanjet technical support for temporary countermeasures such as deleting the files.  
3. Users who are already compromised:  
  
Check whether the server has periodic snapshots or backups; if so, restore the data from a snapshot or backup.  
Contact Chanjet technical support to confirm whether the conditions and procedure for restoring data from backup files are in place.
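The self-check in step 1 above is a file-presence test on three fixed paths. The script below automates that check for a defender: it takes the product's install root, reports which of the three indicator files from the advisory exist, and returns a compromised/clean verdict. This is an added example and is not code from the original post, from Chanjet or from CNVD; the install root argument and the sample directory it builds for demonstration are assumptions, and the planted sample file is a constructed placeholder, not real content.

```python
"""Check a Chanjet CRM install root for the indicator files named in the
advisory's self-check step. Added example; not part of the original post."""
import sys
import tempfile
from pathlib import Path

# Relative paths taken verbatim from the advisory's self-check step.
IOC_PATHS = (
    "website/bin/load.aspx.cdcab7d2.compiled",
    "website/bin/App_Web_load.aspx.cdcab7d2.dll",
    "tplus/Load.aspx",
)


def find_ioc_files(install_root):
    """Return the advisory indicator paths that exist under install_root.

    install_root is the directory that contains the product's website/ and
    tplus/ folders (assumed layout, inferred from the advisory's paths). On a
    Windows/IIS host the filesystem is case-insensitive, so the exact-case
    check below also matches differently cased copies there.
    """
    root = Path(install_root)
    return [rel for rel in IOC_PATHS if (root / Path(*rel.split("/"))).is_file()]


def is_compromised(install_root):
    """True when any indicator file is present; the advisory then calls for
    a reinstall followed by patching, not just deleting the file."""
    return bool(find_ioc_files(install_root))


def build_sample_tree():
    """Constructed sample: a temporary directory laid out like an install root
    with one indicator file planted under tplus/. Used only to demonstrate
    the check; the file content is a harmless placeholder."""
    root = Path(tempfile.mkdtemp(prefix="chanjet_ioc_demo_"))
    (root / "website" / "bin").mkdir(parents=True)
    (root / "tplus").mkdir()
    (root / "tplus" / "Load.aspx").write_text("<!-- constructed placeholder -->")
    return root


if __name__ == "__main__":
    # Usage: python check_chanjet_ioc.py <install_root>
    # Without an argument, run against the constructed sample tree.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else build_sample_tree()
    hits = find_ioc_files(target)
    for rel in hits:
        print(f"indicator present: {target / rel}")
    print("verdict:", "COMPROMISED (reinstall and patch)" if hits else "no indicator files found")
```

Run it with the real install root as the argument on each server; a clean result only means these three specific files are absent, so the patch and backup steps in the advisory still apply.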


Source: blog.csdn.net/weixin_44971640/article/details/130361375