phpBB Attachment MOD HTTP POST Injection Remote Directory Traversal Vulnerability

xiaoxiao 2021-03-06  47

The Attachment MOD user interface does not fully filter the file name data it receives. By submitting an HTTP POST whose file name contains multiple '..' sequences, an attacker can bypass the web root restriction and read the contents of system files with the privileges of the web server process.

1) Run a new post, add a file via "Add Attachment".

2) View the source code before you click Send.

3) Modify the form values: change the values of "attachment_list []" and "filename_list []" to "../..NewFileName", where NewFileName is the name of the file you want to view.

4) Then send it.
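The root cause above is a POSTed file name joined verbatim to the attachment directory. The following is an added example, not phpBB's or the Attachment MOD's own code: it places that unsafe join beside a check that confines the resolved path to the attachment directory, using a constructed temporary directory and file names.

```php
<?php
// Added example, not phpBB's or the Attachment MOD's own code. It contrasts
// the unsafe pattern behind this advisory (a POSTed filename joined verbatim
// to the attachment directory) with a check that confines the resolved
// path to that directory. The directory and file names are constructed.

// Unsafe: "../" components in the POSTed value walk out of the upload root.
function attachment_path_unsafe(string $dir, string $filename): string
{
    return $dir . '/' . $filename;
}

// Hardened: allow-list the name, then verify the real path is inside $dir.
// Returns null when the request must be rejected.
function attachment_path_safe(string $dir, string $filename): ?string
{
    $name = basename($filename);                       // discard any path part
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*$/', $name)) {
        return null;                                   // empty, "..", odd bytes
    }
    $root = realpath($dir);
    $real = ($root === false) ? false : realpath($root . DIRECTORY_SEPARATOR . $name);
    if ($real === false) {
        return null;                                   // missing file or bad root
    }
    // realpath() has resolved symlinks, so a prefix check on the root suffices.
    if (strncmp($real, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo: an attachment directory holding one legitimate file.
$root = sys_get_temp_dir() . '/attach_demo_' . getmypid();
mkdir($root);
file_put_contents("$root/report.txt", "legit attachment\n");

$posted = '../../../../etc/passwd';   // the kind of value the advisory describes
echo "unsafe join : ", attachment_path_unsafe($root, $posted), "\n";
var_dump(attachment_path_safe($root, $posted));      // NULL: path part dropped, nothing under root
var_dump(attachment_path_safe($root, 'report.txt')); // string: confined path under $root

unlink("$root/report.txt");
rmdir($root);
```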

Recommendation:

Vendor patch:

PHPBB Group

-----------

The vendor has released an upgrade to fix this security issue. Please go to the vendor's homepage and upgrade to Attachment Module version 2.3.11:

http://opentools.de/board/viewtopic.php?t=3590

Please credit the original source when reposting: https://www.9cbs.com/read-79549.html