| Title | icret EasyImages2.0 <=2.83 Pre-Auth Path Traversal |
|---|---|
| Description | This vulnerability is a pre-authentication path traversal flaw in EasyImage version 2.8.3. It is located in the app/hide.php file, where an attacker can supply a parameter named "key", which is decoded in the urlHash function. By default, the hide_key in the configuration is set to 'EasyImage2.0'. Once decoded, the key is concatenated with the real_path and then passed to the file_get_contents function. By crafting a specific key, an attacker can make file_get_contents read any file on the system, such as /etc/passwd, thereby gaining access to sensitive information. By constructing a specific request, an attacker can cause the system to decode a path that points to any file, enabling them to read system files. This can lead to an information leak and poses a serious threat to the security of the system. An example of how to exploit this vulnerability has been provided in the description. This example illustrates how an attacker can construct a specific request to read the /etc/passwd file on the system. |
| Source | ⚠️ https://note.zhaoj.in/share/MHnV2WLY9rxU |
| User | glzjin (UID 59815) |
| Submission | 22/12/2023 10:16 AM (2 years ago) |
| Moderation | 24/12/2023 12:07 PM (2 days later) |
| Status | Accepted |
| VulDB entry | 248950 [icret EasyImages 2.8.3 app/hide.php key information disclosure] |
| Points | 20 |
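
The description attributes the flaw to a decoded value being concatenated onto a base path and handed to file_get_contents. The following is an added example, not EasyImages code and not part of the submission, showing one way to contain such a read in PHP. The function `resolve_inside`, the demo directory layout and `$decoded` (standing in for the output of the decode step, whose implementation the page does not show) are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Added example (hypothetical helper, not EasyImages code).
 * Resolves an already-decoded relative path against a base directory and
 * returns the canonical path only if it is a regular file inside that base.
 */
function resolve_inside(string $baseDir, string $decoded): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                       // base missing: fail closed
    }
    if ($decoded === '' || strpos($decoded, "\0") !== false) {
        return null;                       // empty input or embedded NUL byte
    }
    // realpath() collapses "..", "." and symlinks; false if nothing exists there.
    $target = realpath($base . DIRECTORY_SEPARATOR . $decoded);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against base plus a trailing separator, so a sibling directory
    // whose name merely starts with the base name does not pass.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed demo layout: an image root "i", a sibling "i_backup",
// and a file one level above the root.
$root = sys_get_temp_dir() . '/ei_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/i/2023', 0700, true);
mkdir($root . '/i_backup', 0700, true);
file_put_contents($root . '/i/2023/a.png', 'img');
file_put_contents($root . '/i_backup/x.txt', 'sibling');
file_put_contents($root . '/secret.txt', 'outside');

// Constructed inputs: one legitimate relative path and three that escape the root.
$inputs = ['2023/a.png', '../secret.txt', '2023/../../secret.txt', '../i_backup/x.txt'];
foreach ($inputs as $decoded) {
    $path = resolve_inside($root . '/i', $decoded);
    // Only a non-null result would ever be passed on to file_get_contents().
    printf("%-24s => %s\n", $decoded, $path === null ? 'rejected' : 'served');
}
```

The containment check runs on the canonical path after decoding, so it holds regardless of how the request parameter was encoded.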