Multiple Arbitrary File Deletion vulnerabilities #486
Comments
|
Thanks, I'll fix it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Description of Vulnerability
Multiple Arbitrary File Deletion vulnerabilities in maxsite cms v 180 targeted towards web admin through admin/plugins/admin_page/all-files-update-ajax.php at the parameter dir and deletefile
affected source code:
at 15~34 in admin/plugins/admin_page/all-files-update-ajax.php
when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization. Exploiting the vulnerability allows an attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete).
Proof of concept (Poc)
in http://cms108.com/admin/page_edit/3 select file to delete and Send the request directly through burp
.You can traverse the directory to delete any file
(Poc)
dir=../&deletefile=del-test.phpAdditional
The same problem occurs in /cms-108/application/maxsite/admin/plugins/admin_files/admin.php at the parameter f_check_files
The text was updated successfully, but these errors were encountered: