jbroadway / elefant

Elefant, the refreshingly simple PHP CMS and web framework.
http://www.elefantcms.com
MIT License

A PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php at V2.0.5 #287

Closed liao10086 closed 5 years ago

liao10086 commented 5 years ago

I found a PHP code execution vulnerability in apps/filemanager/upload/drop.php at V2.0.5.

Step 1: Delete /files/.htaccess
Use the delete file API to delete .htaccess: POST /filemanager/api/rm/.htaccess

Step 2: PHP file upload bypass
Use the Windows feature to add spaces after the file name.

POC:

  1. Delete .htaccess: deleted successfully
  2. Upload PHP file: success
  3. PHP code execution

Suggestion: Use a whitelist.

Author: xijun.liao@dbappsecurity.com.cn
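The whitelist suggested in the report, sketched as an added example (not Elefant's code and not the fix that landed in master). The function name `safe_upload_name` and the extension list are assumptions, and the sample names are constructed.

```php
<?php
// Added example: allowlist validation for uploaded file names.
// Hypothetical helper, not part of Elefant. Adjust the list per deployment.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

/**
 * Returns the normalized name to store, or null if the upload must be rejected.
 */
function safe_upload_name(string $name): ?string
{
    // Drop any client-supplied directory component (both separator styles).
    $name = basename(str_replace('\\', '/', $name));

    // Windows strips trailing spaces and dots when it creates a file, so
    // "x.php " lands on disk as "x.php". Normalize first, then validate the
    // name that will actually exist.
    $name = rtrim($name, " .");

    // Conservative character set; must start with a letter or digit, which
    // also refuses dotfiles such as ".htaccess" and empty names.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*$/', $name)) {
        return null;
    }

    // Allowlist on the final extension, compared case-insensitively.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }

    return $name;
}

// Constructed sample names, including the trailing-space case from the report.
$samples = ['photo.JPG', 'shell.php ', 'shell.php', '.htaccess', 'notes.txt. '];
foreach ($samples as $sample) {
    printf(
        "%-14s => %s\n",
        var_export($sample, true),
        var_export(safe_upload_name($sample), true)
    );
}
```

Applying the same check to the target of the delete API would also refuse `.htaccess`, since the name begins with a dot.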

jbroadway commented 5 years ago

Thanks for reporting this! I believe the issue is fixed in master now. I'll be making a new release tomorrow as well.