Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EasyImages2.0 arbitrary file download vulnerability #75

Closed
sunset-move opened this issue Dec 27, 2022 · 1 comment
Closed

EasyImages2.0 arbitrary file download vulnerability #75

sunset-move opened this issue Dec 27, 2022 · 1 comment

Comments

@sunset-move
Copy link

EasyImages2.0 arbitrary file download vulnerability

Found on: 2022-12-27

Impact version

EasyImages2.0 ≤ v2.6.7

Analysis Report:

Vulnerability path: /application/down.php

image

You can download any file in the host by passing the dw parameter to the get request

Fixes

Specify the download directory to download only for the specified directory, other directories are filtered and requests are rejected.
@icret
Copy link
Owner

icret commented Dec 28, 2022

Thanks for your feedback, I will repair it in time!

icret added a commit that referenced this issue Dec 29, 2022
@icret
v2.6.8
cbaf3a3 
- 上传组件支持到 PHP 8.2
- 修复下载任意文件漏洞 [#75](#75)
- 增加自定义底部信息
- 增加自定义管理提示
- 增加图床模式
  - 危险:除图片外不验证文件是否正常,也代表可以上传任意指定格式!
- 增加上传时生成缩略图(仅设置直链缩略图时生效),低配vps负载较大,影响前端上传速度!
- 其他一些优化
@icret icret closed this as completed Jan 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@icret @sunset-move