CVE-2014-2044

ownCloud < 5.0 - Authenticated Remote Code Execution via Alternate Data Stream Filename Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2044. PoCs published by Portcullis.

AI-analyzed exploit summary This exploit leverages Windows Alternate Data Streams (ADS) to bypass ownCloud's blacklist and upload a malicious .htaccess file, enabling PHP code execution. It requires authenticated access and targets Windows installations of ownCloud 4.0.x and 4.5.x.

Description

Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Portcullis · textwebappsmultiple

https://www.exploit-db.com/exploits/32162

View Code ZIP pw:eip

This exploit leverages Windows Alternate Data Streams (ADS) to bypass ownCloud's blacklist and upload a malicious .htaccess file, enabling PHP code execution. It requires authenticated access and targets Windows installations of ownCloud 4.0.x and 4.5.x.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ownCloud 4.0.x & 4.5.x (Windows)

Auth required

Prerequisites: Authenticated access to ownCloud · Windows-based ownCloud installation

MITRE ATT&CK