Open unh3x opened 6 years ago
=================
Schools Alert Management Script - Arbitrary File Deletion

Date: 07.06.2018
Vendor Homepage: https://www.phpscriptsmall.com/
Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
Category: Web Application
Exploit Author: xiaotian.wang From DBAppSecurity
CVE: CVE-2018-12053

=================
Vulnerable cgi:

delete_img.php

=================
Proof of Concept:

/delete_img.php?img=./uploads/school_logos/1528360893_x1.php

Notice: There is a risk of file deletion; you'd better test it combined with the further file upload vulnerability.

Attackers can delete any file through the parameter 'img' with '../'.
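
A containment check that closes this class of bug in a delete endpoint, as an added example (not code from the vendor's script or from the advisory author). The upload root, the function name `safe_delete_upload` and the extension allowlist are assumptions, and the demo files are constructed in a temporary directory.

```php
<?php
// Added example: containment check for a delete endpoint that receives a file
// path in a request parameter. Root path, names and allowlist are assumptions.
const UPLOAD_ROOT = __DIR__ . '/uploads/school_logos';
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];

function safe_delete_upload(string $requested, string $root = UPLOAD_ROOT): bool
{
    $rootReal = realpath($root);            // false if the root does not exist
    if ($rootReal === false) {
        return false;
    }
    // Keep only the final path component, so client-supplied directory parts
    // ('../', absolute paths, backslash variants) never reach the filesystem.
    $name = basename(str_replace('\\', '/', $requested));
    if ($name === '' || $name === '.' || $name === '..') {
        return false;
    }
    // This endpoint removes images only; scripts and config files are refused.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return false;
    }
    // Canonicalise (this follows symlinks) and require a regular file.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return false;
    }
    // Compare against root + separator so 'school_logos_old' does not match.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return unlink($target);
}

// Constructed demo, run only when this file is executed directly from the CLI.
if (PHP_SAPI === 'cli' && realpath($_SERVER['argv'][0] ?? '') === __FILE__) {
    $base = sys_get_temp_dir() . '/del_demo_' . bin2hex(random_bytes(4));
    mkdir("$base/root", 0700, true);
    touch("$base/root/logo.png");           // inside the root
    touch("$base/secret.png");              // outside the root
    var_dump(safe_delete_upload('../secret.png', "$base/root")); // traversal attempt
    var_dump(safe_delete_upload('logo.png', "$base/root"));      // legitimate delete
    var_dump(file_exists("$base/secret.png"));                   // outside file intact?
    unlink("$base/secret.png"); rmdir("$base/root"); rmdir($base);
}
```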