Jellycms background has arbitrary file download vulnerability #1

Open
IIIIIuhrey opened this issue Mar 5, 2022 · 0 comments

@IIIIIuhrey

Vulnerability file address:
\app\admin\Controllers\db.php
A user can change the param file[] to download any file.
The user uses the packdownload function in Database management, then changes file[] to something like ../../../app/Config.php. The package looks like this:

```
POST /admin.php/db/packdownload
...

files%5B%5D=../../../app/Config.php
```

Then the user can download the zip file and unpack it to get the config file contents.

@IIIIIuhrey changed the title from "Jellycms background has any file download vulnerability" to "Jellycms background has arbitrary file download vulnerability" on Mar 5, 2022
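One way to validate the submitted file list before anything is zipped, as an added example that is not part of the original report and is not Jellycms code. The function name `resolveBackupFiles`, the `data/backup` directory and the temporary demo tree are assumptions, since the issue does not show how `packdownload` builds its paths.

```php
<?php
// Added example, not Jellycms code. resolveBackupFiles() and the directory
// layout are hypothetical; the report does not show the project's own logic.

/** Map user-supplied names to real paths that stay inside $backupDir. */
function resolveBackupFiles(string $backupDir, array $requested): array
{
    $base = realpath($backupDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('backup directory missing');
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    $accepted = [];
    $rejected = [];
    foreach ($requested as $name) {
        // The array may carry nested arrays, empty strings or NUL bytes.
        if (!is_string($name) || $name === '' || strpos($name, "\0") !== false) {
            $rejected[] = $name;
            continue;
        }
        // realpath() collapses ../ and follows symlinks, so the prefix check
        // is made on the path that would actually be opened.
        $real = realpath($base . $name);
        if ($real === false || !is_file($real)
            || strncmp($real, $base, strlen($base)) !== 0) {
            $rejected[] = $name;
            continue;
        }
        $accepted[basename($real)] = $real;
    }
    return ['accepted' => $accepted, 'rejected' => $rejected];
}

// Constructed demo tree standing in for the application directories.
$root = sys_get_temp_dir() . '/jelly_demo_' . bin2hex(random_bytes(4));
mkdir("$root/app", 0700, true);
mkdir("$root/data/backup", 0700, true);
file_put_contents("$root/app/Config.php", "<?php // constructed secret\n");
file_put_contents("$root/data/backup/20220305.sql", "-- constructed dump\n");

$result = resolveBackupFiles("$root/data/backup", [
    '20220305.sql',           // legitimate backup name: accepted
    '../../app/Config.php',   // same shape as the value in the report: rejected
]);
print_r($result);
```

Only the paths under `accepted` should be handed to the archive step; a non-empty `rejected` list is worth logging with the admin account and source address.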