Unrestricted File Upload at Logaritmo CRM Call Manager (Aware)
Aware Call Manager is a system developed by Logaritmo, a chilean based company. Poking around with the software I've noticed that in the source code present on client side, there were some user credentials that allowed me to login in to the platform and expand the attack research surface. After some unumeration I've reached a PHP script that allows me to upload a CSV file, and with a routinary bypass as changing the Content-Type to text/csv of a PHP custom script, I was able to upload a simple php web shell. And as I've enumerated later, I've know the place where my file was stored /supervisor/csv/filename I've looked in Shodan with the icon hash of the app, and it seems that is not quite popular :c, but at least all those machines are vulnerable due to this "Aware" software. I'll be updating this post soon..