Closed oti-tech closed 10 years ago
Issue by areynold Monday Sep 09, 2013 at 15:46 GMT Originally opened as https://github.com/opentechinstitute/luci-commotion-apps/issues/13
In the same code snippet as described in #11, arbitrary file removal is possible:
https://github.com/opentechinstitute/commotion-apps/blob/3bcf912eec5d3b7b0192cf4c21e334c6775ec482/lua/luci/controller/commotion/apps_controller.lua#L534-L543
To exploit this vulnerability, an attacker should set up a new application (unique name, IP address/port pair) and perform path traversal in the uuid parameter to remove an arbitrary file.
Originally reported as WRT-01-008
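One way to close the hole described above is to validate the uuid parameter before it ever touches a path. The following is an added example, not code from commotion-apps; the directory, the one-file-per-uuid layout and the canonical UUID format are all assumptions.

```lua
-- Added example (not the project's code): a strict check on the "uuid"
-- request parameter before it is used to build a filesystem path.
-- Assumptions: applications are stored as one file per uuid under APP_DIR,
-- and uuids use the usual 8-4-4-4-12 hex form. Both are assumptions, not
-- facts taken from commotion-apps.
local APP_DIR = "/etc/commotion/apps/"  -- placeholder directory

-- Returns true only for canonical hex UUIDs; anything containing "/", "..",
-- NUL bytes or other characters is rejected outright, so a traversal
-- sequence never reaches the path concatenation below.
local function is_valid_uuid(uuid)
  if type(uuid) ~= "string" then return false end
  local pattern = "^%x%x%x%x%x%x%x%x%-%x%x%x%x%-%x%x%x%x%-%x%x%x%x%-"
               .. "%x%x%x%x%x%x%x%x%x%x%x%x$"
  return uuid:match(pattern) ~= nil
end

-- Builds the path only after validation, so the result is always a direct
-- child of APP_DIR; returns nil and a reason otherwise.
local function app_file_path(uuid)
  if not is_valid_uuid(uuid) then
    return nil, "rejected uuid parameter: " .. tostring(uuid)
  end
  return APP_DIR .. uuid
end

-- Removal refuses anything the validator did not approve, and reports the
-- rejection so it can be logged rather than silently ignored.
local function remove_app(uuid)
  local path, err = app_file_path(uuid)
  if not path then return false, err end
  local ok, rm_err = os.remove(path)
  if not ok then return false, rm_err end
  return true
end

-- Constructed inputs: a well-formed uuid and a traversal attempt.
local good = "123e4567-e89b-12d3-a456-426614174000"
assert(app_file_path(good) == APP_DIR .. good)
assert(app_file_path("../../tmp/constructed-target") == nil)
assert(select(2, remove_app(nil)) ~= nil)  -- non-string input is refused

return { is_valid_uuid = is_valid_uuid, remove_app = remove_app }
```

The check rejects the parameter before any path is built, so the deletion can only ever reach a direct child of the application directory.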