QuickShare File Server Path Traversal Vulnerability Leading to Remote Code Execution

A path traversal vulnerability has been identified in QuickShare File Server version 1.2.1, specifically within the FTP service. This vulnerability arises from inadequate sanitization of user-supplied file paths, allowing authenticated users to manipulate file paths and access or write files outside the designated virtual directory. With the 'Writable' option enabled by default, this flaw can be exploited to upload arbitrary files to sensitive locations such as the system32 directory. This exploitation could facilitate remote code execution through MOF injection or by placing executable files in strategic locations.

Impact

Exploitation of this vulnerability allows for directory traversal, enabling access to files outside the intended directory. Additionally, it permits the upload of files to privileged locations, such as system32, where they can be executed, leading to remote code execution.

Reproduction

To reproduce this vulnerability, an authenticated user can log into the QuickShare FTP server and navigate to the file upload feature. By sending a crafted file path that includes directory traversal sequences, it is possible to upload a file to a location outside the user's virtual directory. Once the file is uploaded to a privileged location, such as system32, it can be executed, resulting in remote code execution.

Remediation

Users are advised to update QuickShare File Server to version 1.2.2, which addresses the directory traversal vulnerability. The update can be downloaded from the QuickShare website.