| Titel | DESHANG Dsshop <=3.1.0 Pre-Authentication Arbitrary File Download |
|---|
| Beschreibung | This vulnerability in the DSShop System (version ≤3.1.0) involves a Pre-Authentication Arbitrary File Download issue located in the public/install.php file. By setting a cookie to bypass the installed check and using the 'get_dblist' parameter, an attacker can connect to any MySQL server. This becomes particularly exploitable in PHP versions ≤7.1, where local infile can load files from the client side. By setting up a rogue MySQL server and sending a request, an attacker can download arbitrary files. This could potentially be used to read Phar files and trigger an unserialize operation, leading to further exploitation. |
|---|
| Quelle | ⚠️ https://note.zhaoj.in/share/Q56cf5nN9RzF |
|---|
| Benutzer | glzjin (UID 59815) |
|---|
| Einreichung | 08.01.2024 16:34 (vor 2 Jahren) |
|---|
| Moderieren | 11.01.2024 11:23 (3 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 250432 [DeShang DSShop bis 3.1.0 HTTP GET Request public/install.php erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|