【CVE-2022-26271】:74cmsSEv3.4.1 Arbitrary File Read Vulnerability #1

Closed
N1ce759 opened this issue Feb 24, 2022 · 0 comments
N1ce759 commented Feb 24, 2022

  • Vulnerability Name: Arbitrary File Read

  • Date of Discovery: 24/2/2022

  • Product version: 74cmsSEv3.4.1 (download link: https://www.74cms.com/downloadse/show/id/62.html)

  • Author: N1ce

  • Vulnerability Description:
    The function is not verified or fails to be verified. The user can control the variable to read any file.

  • Code Analysis
    In \upload\application\index\controller\Download.php, at line 10, there is a file manipulation function where $url is a parameter that the user can control and is not filtered, and $ourput_filename is the filename to be output.
    From this, we can build parameters:
    /index/download/index?name=index.php&url=../../application/database.php

  • Proof
    Read the web site database configuration file. PS: I used index.php because I didn't configure Apache pseudo-static.

Reading server files

@N1ce759 N1ce759 changed the title 74cmsSEv3.4.1 Arbitrary File Read Vulnerability 【CVE-2022-26271】:74cmsSEv3.4.1 Arbitrary File Read Vulnerability Mar 28, 2022
@N1ce759 N1ce759 closed this as completed Mar 28, 2022
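
A log check for the request shape in the report above, added here as an example and not part of the original issue or the 74cms code base: it flags requests to `/index/download/index` whose `url` parameter still contains a `..` segment after nested percent-decoding. The access-log format, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Route taken from the report; the optional /index.php prefix covers
# installs without URL rewriting, as in the reporter's setup.
ROUTE = re.compile(r"^(/index\.php)?/index/download/index/?$", re.I)
# Assumed log format: request line quoted as in Apache/nginx "combined" logs.
REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .) and unify separators."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def traversal_reason(target):
    """Return why a request target looks like traversal, or None if it does not."""
    parts = urlsplit(target)
    if not ROUTE.match(fully_decode(parts.path)):
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("url", []):
        if ".." in fully_decode(raw).split("/"):
            return "dot-dot segment in url parameter"
    return None

def scan(log_lines):
    """Return (line_number, reason) for every flagged access-log line."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQ.search(line)
        reason = traversal_reason(match.group(1)) if match else None
        if reason:
            hits.append((number, reason))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Mar/2022:10:00:00 +0000] "GET /index/download/index?name=index.php&url=../../application/database.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Mar/2022:10:00:05 +0000] "GET /index/download/index?name=cv.pdf&url=upload/resume/cv.pdf HTTP/1.1" 200 20480',
    '192.0.2.10 - - [01/Mar/2022:10:00:09 +0000] "GET /index.php/index/download/index?name=a&url=..%255c..%255capplication%255cdatabase.php HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Mar/2022:10:00:12 +0000] "GET /index/news/show?url=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, reason in scan(SAMPLE):
        print(f"line {number}: {reason}")
```

A 200 response on a flagged line is the case to triage first, since it suggests the file was actually served.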