PDW File Browser Remote Code Execution Vulnerability

A remote code execution vulnerability exists in PDW File Browser version 1.3. This issue allows authenticated users to upload and rename web shell files, placing them in arbitrary locations on the web server. Exploitation involves uploading a .txt file containing web shell code, renaming it to .php, and using double-encoded path traversal techniques to move it to an accessible directory.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where PDW File Browser is installed.

Reproduction

To reproduce this vulnerability, upload a .txt file containing web shell code through the PDW File Browser's file upload feature. After uploading the file, use the file browser's rename functionality to change the file extension from .txt to .php and move it to a directory of choice on the web server. The path for the new location must include double-encoded characters to bypass directory traversal restrictions.