You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Issue Summary
Pluck's module and theme installers are vulnerable to directory traversal (via zip slip).
Detailed Description
It is possible to upload a malicious zip file in order to traverse directories outside of the intended environment, potentially allowing arbitrary code execution which will run with the permissions of the user assigned to the webserver.
Reproduction Steps
Using the evilarc tool, create a zip archive containing a PHP file with a depth of 2 (python evilarch.py shell.php -d 2 -f wolf.zip)
Visit <pluck_domain>/admin.php?action=themeinstall and upload the malicious wolf.zip you created.
Visit <pluck_domain>/shell.php and you now have a PHP shell.
Impact
This vulnerability makes remote code execution under the privileges of the user running the webserver application possible.
The text was updated successfully, but these errors were encountered:
Issue Summary
Pluck's module and theme installers are vulnerable to directory traversal (via zip slip).
Detailed Description
It is possible to upload a malicious zip file in order to traverse directories outside of the intended environment, potentially allowing arbitrary code execution which will run with the permissions of the user assigned to the webserver.
Reproduction Steps
(python evilarch.py shell.php -d 2 -f wolf.zip)
<pluck_domain>/admin.php?action=themeinstall
and upload the maliciouswolf.zip
you created.<pluck_domain>/shell.php
and you now have a PHP shell.Impact
This vulnerability makes remote code execution under the privileges of the user running the webserver application possible.
The text was updated successfully, but these errors were encountered: