Rai4over changed the title from "Backuper.php $ type $ file variable have the vulnerability to delete any files" to "Backuper.php $_POST['type'] $_POST[file] variable have the vulnerability to delete any files" on Jul 21, 2017
Hello, I found that there are some problems with Fiyo CMS, and I hope this helps you and your work.
Fiyo CMS version 2.0.7 has a vulnerability that allows removing any file.
There is no need to log in when exploiting this vulnerability.
The code does not check the $_POST['type'] and $_POST['file'] parameters;
these two parameters can be controlled by an attacker, and malicious values lead to an arbitrary file delete vulnerability.
File location: dapur\apps\app_config\controller\backuper.php
(https://github.com/FiyoCMS/FiyoCMS/blob/master/dapur/apps/app_config/controller/backuper.php)
Vulnerability verification (this will remove LICENSE.txt under the Web root):
URL: http://127.0.0.1/dapur/apps/app_config/controller/backuper.php
Referrer: http://127.0.0.1
POST: type=database&file=..\LICENSE.txt
Detailed request packet:
Discoverer: Rai4over of Neusoft
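As an added example that is not part of the report and not Fiyo CMS's own code, the following PHP shows the shape of check a backup-deletion handler needs so that the `type` and `file` POST parameters described above cannot name a file outside the backup directory. The backup directory, the per-type subdirectory names and the `is_admin_logged_in()` session check are assumptions chosen for the example; the project's real layout and session handling are not on this page.

```php
<?php
// Added example (not Fiyo CMS code): validate a delete request built from
// $_POST['type'] and $_POST['file'] before anything reaches unlink().
// BACKUP_DIR and the subdirectory names below are placeholders.

const BACKUP_DIR   = '/var/www/fiyo/backups';               // placeholder path
const BACKUP_TYPES = ['database' => 'db', 'files' => 'files']; // allowlist of kinds

/**
 * Resolve the absolute path of the backup a request asks to delete.
 * Returns null whenever the request must be refused, so the caller
 * never hands an unchecked path to unlink().
 */
function resolve_backup_for_delete(string $type, string $file): ?string
{
    // 1. $type must be one of the known backup kinds (allowlist, not blocklist).
    if (!array_key_exists($type, BACKUP_TYPES)) {
        return null;
    }

    // 2. $file must be a bare file name: only characters a backup name can
    //    legitimately contain (this rejects "/", "\" and anything odd) and,
    //    since the character class still allows dots, no ".." sequence at all.
    if (!preg_match('/\A[A-Za-z0-9_.-]+\z/', $file) || strpos($file, '..') !== false) {
        return null;
    }

    // 3. Canonicalise both the directory and the candidate and require the
    //    candidate to be a regular file that still lies inside the directory.
    $dir = realpath(BACKUP_DIR . '/' . BACKUP_TYPES[$type]);
    if ($dir === false) {
        return null;
    }
    $candidate = realpath($dir . '/' . $file);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    $prefix = $dir . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

/**
 * Placeholder for the application's own session check; the example assumes
 * an authenticated administrator is marked in the session.
 */
function is_admin_logged_in(): bool
{
    return isset($_SESSION['admin']) && $_SESSION['admin'] === true;
}

/**
 * Handle the request: authenticate first, then validate, then act.
 * Returns the HTTP status the handler should send.
 */
function handle_delete_request(array $post): int
{
    if (!is_admin_logged_in()) {
        return 401; // the report notes the original endpoint needed no login
    }
    $type = (string)($post['type'] ?? '');
    $file = (string)($post['file'] ?? '');
    $target = resolve_backup_for_delete($type, $file);
    if ($target === null) {
        // Refused requests are worth logging: a traversal attempt against this
        // endpoint looks exactly like the POST body quoted in the report.
        error_log('backuper: refused delete, type=' . json_encode($type)
            . ' file=' . json_encode($file));
        return 400;
    }
    return unlink($target) ? 200 : 500;
}

// Constructed request mirroring the report's proof of concept; the resolver
// refuses it at step 2, so unlink() is never reached.
$refused = resolve_backup_for_delete('database', '..\\LICENSE.txt');
var_dump($refused === null);
```

The order matters: the allowlist on `type` removes any chance of the parameter selecting an unexpected directory, the name pattern on `file` stops traversal before the filesystem is consulted, and the `realpath` prefix comparison is the backstop in case a symlink or an unusual name gets past the first two checks. Any one of the three alone is weaker than the combination.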