An arbitrary file deletion vulnerability was found in WuzhiCMS V4.1.0, which allows an attacker to delete any other file. The conditions for exploitation are a logged-in back-end (admin) session and directory traversal.
Vulnerable file: coreframe\app\attachment\admin\index.php
Exploitation of the vulnerability:
1. Enter the directory mode of the extension module.
2. In directory mode, click to return to the previous directory.
3. Capture the request and find the parameter "dir=."; change it to "dir=..".
After the directory traversal, more delete options are listed than before.
4. As a test, remove robots.txt: click delete on robots.txt.
The deletion succeeds.
5. The delete request carries the parameter "url=../robots.txt". Try changing the path to something else.
6. A new test.php file was created on disk for the test.
7. Change the parameter to "url=../../../../../../../../test.php".
The deletion succeeds. test.php can no longer be found.
The PoC is as follows. The path and parameters depend on the actual installation:
http://example.com/index.php?v=del&url=../../../../../../../../test.php&m=attachment&f=index&_su=wuzhicms&_menuid=29&_submenuid=52
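A detection sketch for the requests described above, added here as an example and not part of the original report or of WuzhiCMS: it scans web access logs for attachment-module requests whose "dir" or "url" parameter contains a ".." path segment, including percent-encoded forms. The log lines are constructed samples, and the combined log format is an assumption.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined log format assumed; IPs are documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?m=attachment&f=index&dir=.&_su=wuzhicms HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?m=attachment&f=index&dir=..&_su=wuzhicms HTTP/1.1" 200 9321
203.0.113.7 - - [01/Jan/2024:10:00:30 +0000] "GET /index.php?v=del&url=../robots.txt&m=attachment&f=index&_su=wuzhicms HTTP/1.1" 200 412
198.51.100.4 - - [01/Jan/2024:10:02:11 +0000] "GET /index.php?v=del&url=..%252f..%252ftest.php&m=attachment&f=index HTTP/1.1" 200 412
192.0.2.15 - - [01/Jan/2024:10:05:00 +0000] "GET /index.php?v=del&url=2024/01/logo.png&m=attachment&f=index HTTP/1.1" 200 412
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
PATH_PARAMS = ("url", "dir")  # the two parameters named in the report

def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding (%252e%252e -> ..), at most `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_parent_segment(value):
    """True if any path segment is '..' after decoding and slash normalisation."""
    return ".." in fully_unquote(value).replace("\\", "/").split("/")

def find_traversal(log_text):
    """Return (client_ip, action, param, decoded_value) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if query.get("m", [""])[0] != "attachment":
            continue  # only the attachment module is covered by this report
        action = query.get("v", ["-"])[0]
        for param in PATH_PARAMS:
            for value in query.get(param, []):
                if has_parent_segment(value):
                    hits.append((line.split()[0], action, param, fully_unquote(value)))
    return hits

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

A hit with action "del" is the deletion request itself; a "dir" hit shows the directory listing being moved above its intended root.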