N1ce759 changed the title from "74cmsSEv3.4.1 Arbitrary File Read Vulnerability" to "【CVE-2022-26271】:74cmsSEv3.4.1 Arbitrary File Read Vulnerability" on Mar 28, 2022
Vulnerability Name: Arbitrary File Read
Date of Discovery: 24/2/2022
Product version: 74cmsSEv3.4.1
Download link: https://www.74cms.com/downloadse/show/id/62.html
Author: N1ce
Vulnerability Description:
The download function does not validate (or fails to validate) the file path it is given. Because the user controls that variable, they can read any file on the server.
Code Analysis
In \upload\application\index\controller\Download.php, at line 10, there is a file-handling function in which $url is a user-controlled parameter that is never filtered, and $ourput_filename is the filename under which the content is sent back to the client. Since $url reaches the file read unchanged, a relative path containing "../" segments escapes the intended directory.
From this, we can construct the following request:
/index/download/index?name=index.php&url=../../application/database.php
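The fix the analysis above calls for is to resolve the requested path and refuse anything that leaves a dedicated download directory. The following is an added hardening example, not 74cmsSE's own code; the download directory location, the helper names and the request handling are assumptions.

```php
<?php
// Added hardening example (not 74cmsSE's own code). The report shows the
// user-controlled $url parameter reaching a file read unfiltered; this
// version resolves the path and keeps it inside a whitelisted directory.

// Resolve a user-supplied relative path against $baseDir and return the
// canonical absolute path, or null when it escapes $baseDir or is not a
// regular file. realpath() collapses "../" segments and symlinks, so the
// containment check is done on the resolved path, not on the raw string.
function resolve_download_path(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Reject empty input, NUL bytes and absolute paths outright.
    if ($userPath === '' || strpos($userPath, "\0") !== false
        || $userPath[0] === '/' || $userPath[0] === '\\') {
        return null;
    }
    $resolved = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($resolved === false || !is_file($resolved)) {
        return null;
    }
    // Trailing separator matters: "/var/www/dl_private" must not pass for
    // base "/var/www/dl".
    if (strpos($resolved, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $resolved;
}

// Sanitise the Content-Disposition filename: keep the basename only and
// replace characters that could break the header.
function safe_download_name(string $name): string
{
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($name));
    return $name === '' ? 'download' : $name;
}

// Hardened equivalent of the download action (assumed directory and request).
$downloadDir = __DIR__ . '/../../public/download'; // assumed location
$path = resolve_download_path($downloadDir, $_GET['url'] ?? '');
if ($path === null) {
    http_response_code(400);
    exit('invalid download path');
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . safe_download_name($_GET['name'] ?? '') . '"');
readfile($path);
```

With this in place the request shown above resolves to a path outside the download directory and is rejected with a 400 instead of returning database.php.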
Proof
Reading the website's database configuration file. PS: I used index.php because I didn't configure Apache pseudo-static.
Reading server files