Bludit v3.13.1 Code Execution Vulnerability in "Backups" #1298

Closed
Gingsguard opened this issue Jan 5, 2021 · 2 comments

@Gingsguard

Hi, I found a code execution vulnerability in the Bludit v3.13.1 admin panel.

The path is bl-plugins/backup/plugin.php

1. Log in to the admin panel

2. Click the backups button

3. Make the evil backup zip

First download a backup, then modify this zip:

Place a phpinfo.php file in the path 2021-01-05-16-20-03\uploads\pages

Package 2021-01-05-16-20-03 as evil.zip

Execute the script to generate the md5 for the .BLUDIT_BACKUP

4. Upload the evil backup zip

5. Click the restore backup button

6. Access the evil file bl-content/uploads/pages/phpinfo.php
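
As an added example (not part of the original issue and not Bludit's code), a pre-restore audit of a backup archive that flags the kind of entry used in the steps above: files under uploads/ that are not an allowed media type, plus entries that escape the restore root. The extension lists and the function names are assumptions, and the sample archive is constructed.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumptions (not Bludit settings): media types an uploads/ tree needs, and
# suffixes a PHP-enabled web server may hand to the interpreter.
ALLOWED_UPLOAD_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".webp"}
EXECUTABLE_EXTS = {".php", ".php5", ".phtml", ".phar"}

def audit_backup(zip_bytes):
    """Return (entry, reason) findings for a backup zip; empty list = clean."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Normalise Windows separators so both layouts are checked alike.
            path = PurePosixPath(info.filename.replace("\\", "/"))
            if path.is_absolute() or ".." in path.parts:
                findings.append((info.filename, "escapes restore root"))
            elif info.is_dir() or "uploads" not in path.parts[:-1]:
                continue  # only files inside an uploads/ directory are audited
            elif EXECUTABLE_EXTS & {s.lower() for s in path.suffixes}:
                findings.append((info.filename, "server-executable suffix"))
            elif path.suffix.lower() not in ALLOWED_UPLOAD_EXTS:
                findings.append((info.filename, "type not allowed in uploads"))
    return findings

def build_sample():
    """Constructed archive using the <timestamp>/uploads/pages layout."""
    root = "2021-01-05-16-20-03/uploads/pages/"
    entries = {
        root + "photo.jpg": b"\xff\xd8\xff",
        root + "phpinfo.php": b"placeholder",
        root + "notes.php.jpg": b"placeholder",
        root + ".htaccess": b"placeholder",
        "../outside.txt": b"placeholder",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    for entry, reason in audit_backup(build_sample()):
        print(f"REJECT {entry}: {reason}")
```

A restore routine would refuse the whole archive when the list is non-empty, rather than skipping only the flagged entries.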


@Gingsguard
Author

@dignajar

@dignajar
Member

dignajar commented Jan 8, 2021

Hi,
yes, this was already mentioned here.
#1242
