There are arbitrary code execution vulnerabilities and file inclusion vulnerabilities in the module installation of pluck4.743.
debug601 opened this issue · comments
php5.2.17
1.Arbitrary code execution
I uploaded webshell.zip in the module installation.
Visit 192.168.1.128/pluck4.743/data/modules/webshell/webshell.php
2.The file contains vulnerabilities
After uploading the webshell.zip file in the module installation, I visit admin.php and he will automatically include the / data/modules/webshell/webshell.php file I uploaded.
After uploading the webshell.zip file successfully, it is found that http://192.168.1.128/pluck4.743/admin.php?action=managemodules automatically contains "D:\ phpStudy\ PHPTutorial\ WWW\ pluck4.743\ data\ modules\webshell\webshell.php".
Duplicate for #106
I believe this is in the install modules section and not in the manage files section.
A module is to add functionality to the website, and needs a password to do. When you have the password, you can upload anything, and than utilise this uploaded content. this is impossible to fix, since this is the option to add functionality. for instance the inplace updater is an module which downloads and extracts files, an other module might do the same, so why restrict this, and restrict it to what.
Since the password is needed to exploit this, and with the password lost everything is up for grabs we won't fix this.