search

BarracudaDrive/FuguHub

BarracudaDrivearrow-up-right, renamed to FuguHubarrow-up-right in version 7.5, is a lightweight web application and content management system designed to provide remote file management, personal cloud storage, and secure access to private resources. It is frequently deployed on both personal and small business networks to simplify file sharing, remote administration, and content hosting. The platform integrates features such as secure tunnels, embedded web servers, and user-friendly management interfaces, making it a versatile solution for environments that require both accessibility and ease of configuration.

hashtag
Local PE (Infra)

BarracudaDrive version 6.5 is affected by an insecure folder permissions vulnerability (48789arrow-up-right). The flaw exists because the application creates folders with improper access controls, allowing non-privileged users to read or write data that should otherwise remain restricted. By exploiting this weakness, an attacker can traverse into sensitive directories, upload or modify files, and potentially escalate privileges within the application environment.

# Insecure Folder Permission (C → Create Files/Write Data)
C:\>cacls C:\bd
C:\bd BUILTIN\Administrators:(OI)(CI)(ID)F
      NT AUTHORITY\SYSTEM:(OI)(CI)(ID)F
      BUILTIN\Users:(OI)(CI)(ID)R
      NT AUTHORITY\Authenticated Users:(ID)C
      NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(ID)C

# Insecure File/Service Permission
C:\>cacls C:\bd\bd.exe
C:\bd\bd.exe BUILTIN\Administrators:(ID)F
             NT AUTHORITY\SYSTEM:(ID)F
             BUILTIN\Users:(ID)R
             NT AUTHORITY\Authenticated Users:(ID)C

See Service Binary Hijackingarrow-up-right for how to leverage the above binary permissions.

hashtag
Authenticated PE (Web UI)

If access to the FuguHub UI is available, an .lsp payload can be uploaded to achieve RCE:

Payload based on rev.lsparrow-up-right:

PreviousCMSNextCS-Cart

Last updated