Bludit V3.12.0 -- Admin File Upload vulnerability #1218
Comments
This was referenced Jun 28, 2020
Hello, my solution, submitted as 2 pull requests, is
This should fix this vulnerability. ~ Sam. PS: Thanks for mentioning Burp Suite, I didn't know about this program. It's really cool. :D

Describe your problem
A file upload vulnerability was discovered in Bludit V3.12.0.
Hackers need administrator rights.
A hacker can use a backup file to control the server.
Steps to reproduce the problem
Download the latest version of Bludit from GitHub.
Use Burp Suite when uploading the logo in the admin backend.
Change the picture content to PHP code:
<?php eval($_POST[cmd]); ?>
If you unzip the backup to modify it, the upload will be blocked by the WAF.
The vulnerability is in /bl-plugins/backup/plugin.php.
We can check the image content uploaded by users,
or just delete the backup module.
Bludit version
V3.12.0
PHP version
PHP 7.3.9 (NTS)
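The mitigation the report suggests, checking the content of an uploaded logo rather than trusting its name, as an added example (not Bludit's own code, and not the fix in the linked pull requests). It assumes a hypothetical `isSafeLogoUpload()` helper called with the temporary path and client filename from `$_FILES`; the sample files it writes are constructed for the demo.

```php
<?php
// Added example, not Bludit code: decide whether an uploaded "logo" may be stored.
// Checks the extension against a server-side allowlist, sniffs the real MIME type,
// requires the bytes to parse as an image, and refuses any PHP open tag, so a
// file whose content is PHP cannot be saved under an image name.
function isSafeLogoUpload(string $tmpPath, string $originalName): bool
{
    // 1. Extension allowlist; the client-supplied $_FILES['type'] is never consulted.
    $allowed = ['png' => 'image/png', 'jpg' => 'image/jpeg',
                'jpeg' => 'image/jpeg', 'gif' => 'image/gif'];
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return false;
    }
    // 2. Content sniff via fileinfo must agree with the extension.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($detected !== $allowed[$ext]) {
        return false;
    }
    // 3. The file must decode as an image with sane dimensions.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info[0] < 1 || $info[1] < 1 || $info[0] > 4096 || $info[1] > 4096) {
        return false;
    }
    // 4. A valid image header can still carry PHP in a comment or trailer
    //    (polyglot), so reject any PHP open tag anywhere in the bytes.
    $bytes = file_get_contents($tmpPath);
    if ($bytes === false || preg_match('/<\?(php\b|=)/i', $bytes) === 1) {
        return false;
    }
    return true;
}

// Constructed samples: a real 1x1 PNG, and the payload from the report saved as logo.png.
$png = tempnam(sys_get_temp_dir(), 'logo');
file_put_contents($png, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='));
$php = tempnam(sys_get_temp_dir(), 'logo');
file_put_contents($php, "<?php eval(\$_POST[cmd]); ?>");

var_dump(isSafeLogoUpload($png, 'logo.png')); // bool(true)
var_dump(isSafeLogoUpload($php, 'logo.png')); // bool(false): sniffed as text/x-php, not image/png
unlink($png);
unlink($php);
```

Re-encoding an accepted image through GD (`imagecreatefromstring()` then `imagepng()`) before storing it additionally strips metadata and trailing bytes that step 4 is guarding against.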