Bludit v3.9.2 Code Execution Vulnerability in "Upload function" #1081
Comments
I uploaded a fix, checking if the

I added a check on the file extension; could you try the exploit with the version from GitHub? I will release a new version in a few days.

OK, glad to help you.

Fixed in Bludit v3.10.0.

It's too late, but you don't even need to upload .htaccess or jpg.
A Code Execution Vulnerability in Bludit v3.9.2
Hi,
For the CVE ID, I opened a new issue, sorry about that. And I think you haven't completely fixed the bug.
There is a new Code Execution Vulnerability which allows getting server permissions; the path is /bl-kernel/admin/ajax/upload-images.php
1. Log in with any account that allows you to edit content.
2. Upload the evil jpg.
We can specify the location of the uploaded file by changing the value of the uuid, then upload the evil picture to the tmp folder.
3. Upload both the .htaccess file and the access target jpg.
Successfully reverted to the target file.
4. Access the evil file that is written through the jpg.
So I recommend checking the file before uploading it to the temporary directory.
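A server-side check of the kind the last sentence recommends, written here as an added example: it is not Bludit's own code and not the fix released in v3.10.0. It validates the name, the bytes and the client-supplied uuid before anything is written to the temporary directory, then re-encodes the image so only pixel data survives. The function names, the assumed 32-hex-character uuid format and the `$tmpBase` directory are assumptions.

```php
<?php
// Added example, not Bludit's own code: a pre-write check for an image upload
// handler such as the one at bl-kernel/admin/ajax/upload-images.php.
// validateImageUpload(), reencodeImage(), the uuid format and $tmpBase are assumptions.

const ALLOWED_EXT = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                     'png' => 'image/png',  'gif' => 'image/gif'];

function validateImageUpload(string $tmpPath, string $clientName, string $uuid, string $tmpBase): array
{
    // The client-supplied name is untrusted: reject dotfiles (.htaccess) and
    // double extensions (shell.php.jpg) before even looking at the extension.
    $name = basename($clientName);
    if ($name === '' || $name[0] === '.' || substr_count($name, '.') !== 1) {
        return [false, 'rejected: suspicious file name'];
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_EXT[$ext])) {
        return [false, 'rejected: extension not in allowlist'];
    }

    // Check the bytes, not the name: sniff the MIME type and decode the image header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED_EXT[$ext]) {
        return [false, "rejected: content is $mime, not " . ALLOWED_EXT[$ext]];
    }
    if (@getimagesize($tmpPath) === false) {
        return [false, 'rejected: not a decodable image'];
    }

    // The uuid must be a bare token (assumed format: 32 hex characters) so it can
    // never carry "../" or a path; the destination is then confined to $tmpBase.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $uuid)) {
        return [false, 'rejected: uuid is not a bare hex token'];
    }
    $base = realpath($tmpBase);
    if ($base === false) {
        return [false, 'rejected: temporary directory does not exist'];
    }
    $dest = $base . DIRECTORY_SEPARATOR . $uuid . '.' . $ext;
    if (dirname($dest) !== $base) {
        return [false, 'rejected: destination escapes the temporary directory'];
    }
    return [true, $dest];
}

// Decode and re-encode through GD so that anything that is not pixel data
// (EXIF comments, bytes appended after the image) is discarded on the way in.
function reencodeImage(string $src, string $dest, string $ext): bool
{
    switch ($ext) {
        case 'jpg': case 'jpeg': $img = @imagecreatefromjpeg($src); break;
        case 'png':              $img = @imagecreatefrompng($src);  break;
        case 'gif':              $img = @imagecreatefromgif($src);  break;
        default:                 return false;
    }
    if ($img === false) {
        return false;
    }
    switch ($ext) {
        case 'jpg': case 'jpeg': $ok = imagejpeg($img, $dest, 90); break;
        case 'png':              $ok = imagepng($img, $dest);      break;
        default:                 $ok = imagegif($img, $dest);      break;
    }
    imagedestroy($img);
    return $ok;
}

// Constructed inputs for a stand-alone run: a real 2x2 PNG made with GD and a
// text file that merely carries a .jpg name.
$tmpBase = sys_get_temp_dir() . '/bludit-example-tmp';
@mkdir($tmpBase);
$good = tempnam(sys_get_temp_dir(), 'up');
$canvas = imagecreatetruecolor(2, 2);
imagepng($canvas, $good);
imagedestroy($canvas);
$bad = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($bad, "<?php echo 'not an image'; ?>");

$uuid = '0123456789abcdef0123456789abcdef';   // constructed token
[$ok, $msg] = validateImageUpload($good, 'photo.png', $uuid, $tmpBase);
echo $ok ? "accepted -> $msg\n" : "$msg\n";
if ($ok) {
    echo reencodeImage($good, $msg, 'png') ? "re-encoded copy written\n" : "re-encode failed\n";
}
foreach ([[$bad, 'photo.jpg', $uuid], [$good, '.htaccess', $uuid],
          [$good, 'photo.png', '../../bl-content/x']] as [$file, $name, $id]) {
    [, $msg] = validateImageUpload($file, $name, $id, $tmpBase);
    echo "$name / $id: $msg\n";
}
```

The three rejected cases correspond to the three things the report relies on: a non-image with an image extension, a dotfile such as .htaccess, and a uuid used to steer the write path. The name and uuid checks are cheap and catch the path problem on their own; the MIME check and the GD round trip are defence in depth for the file content. Independently of the PHP code, the temporary directory should be served with script execution disabled and with per-directory .htaccess overrides ignored, so that even a file that slips through cannot run.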