Closed debug601 closed 2 years ago
This is a duplicate of issue #100 which has been fixed in the latest dev version.
This is a new way to use it.
See if it still exists in the latest dev version. issue #100 is fixed in the latest version, which should make zip zip impossible.
查看它是否仍存在于最新的开发版本中。问题#100在最新版本中已修复,这应该使zip无法进行。
I also tested it on Pulck4.7.16.dev1 and found this vulnerability. This means that pluck4.7.15 has not fixed this utilization method at all. This is fundamentally different from # 100. I believe this loophole exists in pluck4.7.15,pluck4.7.16.dev1-dev3 and all the versions you have released so far. I want to apply for cve for each version.
See if it still exists in the latest dev version. issue #100 is fixed in the latest version, which should make zip zip impossible.
You shouldn't say that my use is repeated. He is real.
Issue Summary Pluck's module and installmodule are vulnerable to directory traversal (via zip slip) and arbitrary code execution. php version: php5.2.1 Detailed Description There is a problem in Pluuck 4.7.15. / data/inc/module_install.php allows remote malicious users to upload malicious zip files to traverse directories outside the expected environment, which may allow execution of arbitrary code that will run with the privileges of the user assigned to the Web server.
Vulnerability url: http://192.168.1.128/pluck4.7.15/admin.php?action=installmodule
Vulnerability POC:
arbitrary code execution
Impact This vulnerability allows remote code execution and directory traversal under the privileges of the user running the Web server application.