New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
imcat 5.2-Arbitrary file read vulnerability #7
Comments
|
|
This vulnerability is still present in v5.4 and v5.5 versions |
|
@haungtongfu
|
|
Sorry! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 ### Overview
Official website: http://txjia.com/imcat/
Version: imcat-5.2
Vulnerability type: arbitrary file reading, causing serious information leakage
Source code:https://github.com/peacexie/imcat/releases/tag/v5.2
In the file root tools adbug search.php, click$_ Request receives parameters from the front end and uses file directly without any filtering_ get_ The contents() function gets the contents of the file and prints them directly on the front page; It can jump to the previous directory by the way of "." / ", as long as the program has permission, it can read any file on the system, causing information leakage; The specific code is shown in the following two figures.
Reappearance
(1) Build the environment through phpstudy, and then log in to the background of the website

(2) Visit the following links (you can construct whatever files you want to get, and you can also get system files by ". /" tracing back)

http://127.0.0.1/imcat/root/tools/adbug/search.php?act=View&file= \root\cfgs\boot\cfg_ db.php
http://127.0.0.1/imcat/root/tools/adbug/search.php?act=View&file=../../../../../../test.txt

The text was updated successfully, but these errors were encountered: