제출 #263994: DESHANG Dsshop <=3.1.0 Pre-Authentication Arbitrary File Download정보

제목DESHANG Dsshop <=3.1.0 Pre-Authentication Arbitrary File Download
설명This vulnerability in the DSShop System (version ≤3.1.0) involves a Pre-Authentication Arbitrary File Download issue located in the public/install.php file. By setting a cookie to bypass the installed check and using the 'get_dblist' parameter, an attacker can connect to any MySQL server. This becomes particularly exploitable in PHP versions ≤7.1, where local infile can load files from the client side. By setting up a rogue MySQL server and sending a request, an attacker can download arbitrary files. This could potentially be used to read Phar files and trigger an unserialize operation, leading to further exploitation.
원천⚠️ https://note.zhaoj.in/share/Q56cf5nN9RzF
사용자
 glzjin (UID 59815)
제출2024. 01. 08. PM 04:34 (2 연령 ago)
모더레이션2024. 01. 11. AM 11:23 (3 days later)
상태수락
VulDB 항목250432 [DeShang DSShop 까지 3.1.0 HTTP GET Request public/install.php 권한 상승]
포인트들20

Want to know what is going to be exploited?

We predict KEV entries!