Arbitrary File Delete - Security #1303
Comments

cron was removed nearly 7 years ago and has not been part of GetSimple since version 3.1

I'm sure that what I use is version 3.3.15.

we can add a cleanup to our updater, if someone has some restore or upgrade since 2.x, interesting that we do not already though...

hmmm, maybe this is just 3.4

```php
// deprecated files to be removed
$delete_files = array(
	GSADMININCPATH.'xss.php',
	GSADMININCPATH.'nonce.php',
	GSADMININCPATH.'install.php',
	GSADMINPATH.'load-ajax.php',
	GSADMINPATH.'cron.php',
	GSADMINPATH.'loadtab.php',
	GSADMINPATH.'upload-uploadify.php',
	GSADMINPATH.'uploadify-check-exists.php'
);
```

oh this has nothing to do with cron, although that is the vector, this is still a problem if there are other php shells on the site or host

the 'exploit' was sorted in 2015

dir traversal protection was not being applied for delete

Hi There.
I found GetSimpleCMS-3.3.15 allows remote attackers to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php
payload:
then the file /admin/cron.php will be deleted.
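
The thread attributes the bug to directory traversal protection not being applied on delete. The following is an added example, not GetSimple CMS code and not taken from the report: one way to confine a delete to a single directory. The function names, the `logs`/`admin` layout and the two file names passed in are constructed for illustration, and the traversal-style name is a constructed test input, not the payload from the report.

```php
<?php
// Added illustration, not GetSimple CMS code. resolve_inside(), safe_delete_log()
// and the directory names below are hypothetical.

// Return the canonical path of $name inside $baseDir, or null if it escapes.
function resolve_inside(string $baseDir, string $name): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // A log name is a single file name: refuse separators and NUL bytes.
    if ($name === '' || strpbrk($name, "/\\\0") !== false) {
        return null;
    }
    // realpath() resolves symlinks, so a link pointing outside is caught below.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Delete only after the containment check has passed.
function safe_delete_log(string $logDir, string $name): bool
{
    $target = resolve_inside($logDir, $name);
    return $target !== null && unlink($target);
}

// Constructed sample tree in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gs_demo_' . bin2hex(random_bytes(4));
mkdir("$root/logs", 0700, true);
mkdir("$root/admin", 0700, true);
file_put_contents("$root/logs/failedlogins.log", "constructed log line\n");
file_put_contents("$root/admin/cron.php", "<?php // constructed placeholder\n");

// Constructed inputs: one plain log name, one traversal-style name.
foreach (['failedlogins.log', '../admin/cron.php'] as $name) {
    printf("%-20s deleted=%s\n", $name, var_export(safe_delete_log("$root/logs", $name), true));
}
printf("admin/cron.php still present: %s\n", var_export(file_exists("$root/admin/cron.php"), true));
```

The name filter and the canonical-path prefix check are independent: the first refuses any name containing a path separator, the second catches a symlink inside the directory that points elsewhere.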