
Delete or read any files on the server #35

Closed
blackwolfsec opened this issue Jan 14, 2017 · 5 comments

Comments

@blackwolfsec

Hi:
I found a vulnerability in version 6.8.3-stable. An attacker can exploit this vulnerability to delete or read any file on the server; it can also be used to determine whether a file exists.
In b2evolution/inc/files/files.ctrl.php, the parameter 'fm_selected[]' is vulnerable, so an attacker can use ../../../../ to traverse directories.
If you want to know more details about the vulnerability, please send me an email. My email is blackwolf5240@gmail.com
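The defensive check that closes this class of bug is to canonicalise every request-supplied path against the allowed media root and refuse anything that resolves outside it. The following is an added illustration, not code from b2evolution or from the fix commit; the root directory, the `fm_selected[]`-style values and the temporary layout are constructed for the demo.

```python
import os
import tempfile

def resolve_inside_root(root: str, user_path: str):
    """Canonicalise one request-supplied path (a stand-in for a single
    fm_selected[] value) against the allowed root.  Returns the absolute
    path if it stays strictly inside root, otherwise None.  realpath()
    collapses '..' segments and follows symlinks, so both a traversal such
    as '../../../../etc/passwd' and a symlink pointing outside the media
    directory are rejected."""
    root_real = os.path.realpath(root)
    # Request values are relative to the root; drop a leading separator so
    # an absolute value cannot replace the root inside os.path.join().
    joined = os.path.join(root_real, user_path.lstrip("/\\"))
    candidate = os.path.realpath(joined)
    # Compare with a trailing separator so '/srv/media2' is not accepted
    # as a child of '/srv/media'; the root itself is also not selectable.
    if candidate.startswith(root_real + os.sep):
        return candidate
    return None

def filter_selected(root: str, selected):
    """Split user-selected values into (allowed canonical paths, rejected raw
    values).  Only the allowed list should ever reach unlink() or a read."""
    allowed, rejected = [], []
    for value in selected:
        resolved = resolve_inside_root(root, value)
        if resolved is None:
            rejected.append(value)
        else:
            allowed.append(resolved)
    return allowed, rejected

def demo():
    """Constructed layout: a media root holding one real file plus a symlink
    to a file outside the root.  Returns (allowed basenames, rejected values)."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "media")
    os.makedirs(root)
    with open(os.path.join(root, "photo.jpg"), "w") as f:
        f.write("jpeg-bytes")
    outside = os.path.join(base, "secret.txt")
    with open(outside, "w") as f:
        f.write("not for the file manager")
    os.symlink(outside, os.path.join(root, "link.txt"))
    selected = ["photo.jpg", "../secret.txt", "link.txt", "../../../../etc/passwd"]
    allowed, rejected = filter_selected(root, selected)
    return [os.path.basename(p) for p in allowed], rejected

if __name__ == "__main__":
    print(demo())
```

Note that a purely lexical check (stripping `..` from the string) would still let the `link.txt` symlink through; resolving the real path is what catches it.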

@fplanque
Contributor

fplanque commented Jan 14, 2017

Thank you for reporting.

I sent you an email, did you get it?

@fplanque
Contributor

Thank you for reporting this. We will fix this ASAP.
Fortunately this issue is only exposed to people who have access to the back-office.

@fplanque
Contributor

Here is a fix that will be included in the next release, probably tomorrow:
26841d9

@blackwolfsec
Author

After the patch is released, can I post this vulnerability on my personal blog?

@fplanque
Contributor

Fix released: http://b2evolution.net/downloads/6-8-4

@blackwolfsec sure!
