Information Disclosure Vulnerability(Need Authentication) #18

Closed
starnightcyber opened this issue Apr 23, 2018 · 0 comments

@starnightcyber

I found two information leakage vulnerabilities in MiniCMS; you need to log in to the backstage first.

The first one reveals the web root files on the web server:

Steps to reproduce:

1. Log in to the backstage http://192.168.232.181/MiniCMS-master/mc-admin/
2. Post an article
3. Check the page and see
[image]
4. The url will direct to the following...
[image]
We can see all the files located in the web root of the server.

The second reveals the real path of the MiniCMS files:

Steps to reproduce:

1. Log in to the backstage http://192.168.232.181/MiniCMS-master/mc-admin/
2. Post an article
3. Try to re-edit this page; actually this page is saved as iabl13.dat
[image]
We can see:
[image]
4. Use Burp to intercept this request; the original id is iabl13, and we change it to hello-iabl13
[image]
5. Actually hello-iabl13 does not really exist, so an error occurs
[image]
This vulnerability reveals the full path of MiniCMS.

@bg5sbk bg5sbk closed this as completed in f8fc729 Jul 19, 2021
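
An added example, not part of the original issue and not MiniCMS code: one way to keep the second problem (an absolute path shown in the error for a nonexistent id) out of responses. The data directory, the `id` request parameter and the id format are assumptions inferred from the report's `iabl13.dat` sample.

```php
<?php
// Added example, not MiniCMS code. Assumed layout: each post is stored as
// "<id>.dat" in one data directory; the directory used below is hypothetical.

// Keep PHP warnings (which contain absolute file paths) out of HTTP responses
// and send them to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return the raw contents of a post file, or null if the id is malformed
 * or no such post exists. Never triggers a warning that includes the path.
 */
function load_post_data(string $dataDir, string $id): ?string
{
    // Assumed id format (lowercase letters and digits, like "iabl13").
    // "hello-iabl13" or "../x" is rejected before touching the filesystem.
    if (preg_match('/\A[a-z0-9]{1,32}\z/', $id) !== 1) {
        return null;
    }

    $base = realpath($dataDir);
    if ($base === false) {
        error_log('post data directory is missing');
        return null;
    }

    $path = $base . DIRECTORY_SEPARATOR . $id . '.dat';
    // Check existence first instead of letting file_get_contents() warn,
    // so a well-formed but unknown id fails the same quiet way.
    if (!is_file($path) || !is_readable($path)) {
        return null;
    }

    $data = file_get_contents($path);
    return $data === false ? null : $data;
}

// Caller: answer with the same generic 404 whatever the reason for failure.
// The parameter name "id" and its transport are assumptions.
$id = isset($_REQUEST['id']) && is_string($_REQUEST['id']) ? $_REQUEST['id'] : '';
$data = load_post_data(__DIR__ . '/data', $id); // hypothetical directory
if ($data === null) {
    http_response_code(404);
    exit('Post not found');
}
```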