Arbitrary file read vulnerability #169

Open
liquidsec opened this issue Dec 17, 2020 · 3 comments

@liquidsec

I am a pentester, test.php produced an arbitrary file read vulnerability for one of my clients. We were able to read files all over the filesystem and gained access to sensitive keys, source code, etc. by using directory traversal characters with the File parameter. Contents of the file get chopped into arrays but are nonetheless present.


americo commented Mar 2, 2021

Hi liquidsec, can you give a PoC of this?
I'm a pentester too, and my client is using it.


RonnyDo commented Mar 17, 2022

> I am a pentester, test.php produced an arbitrary file read vulnerability for one of my clients. We were able to read files all over the filesystem and gained access to sensitive keys, source code, etc. by using directory traversal characters with the File parameter. Contents of the file get chopped into arrays but are nonetheless present.

Can confirm this. The "File" parameter can be altered to point to arbitrary locations even outside of the application's scope.


RonnyDo commented Jan 5, 2024

The vulnerability got officially registered under CVE-2023-29887 🐞
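
A defender-side check for the behaviour reported in this thread, as an added example (not code from the project or from any commenter): it scans web access log lines for requests to test.php whose File parameter decodes to a parent-directory or absolute path. The combined log format, the sample entries and the assumption that legitimate File values are plain relative names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries, not from the issue; paths and values are assumptions.
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Dec/2020:10:00:01 +0000] "GET /app/test.php?File=report.csv HTTP/1.1" 200 512',
    '203.0.113.9 - - [17/Dec/2020:10:00:07 +0000] "GET /app/test.php?File=../../../keys/private.pem HTTP/1.1" 200 1873',
    '203.0.113.9 - - [17/Dec/2020:10:00:09 +0000] "GET /app/test.php?File=%252e%252e%252fconfig.php HTTP/1.1" 200 640',
    '203.0.113.9 - - [17/Dec/2020:10:00:12 +0000] "GET /app/index.php?File=../x HTTP/1.1" 404 0',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding such as %252e%252e."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_file_param(raw):
    """Return why a raw File value looks like traversal, or None."""
    path = fully_decode(raw).replace("\\", "/")
    if "\x00" in path:
        return "null byte"
    if path.startswith("/") or re.match(r"[A-Za-z]:/", path):
        return "absolute path"
    if ".." in path.split("/"):
        return "parent-directory segment"
    return None

def scan(lines):
    """Return (line_number, reason, raw_value) for flagged test.php requests."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith("/test.php"):
            continue
        for pair in target.query.split("&"):
            name, _, raw = pair.partition("=")
            reason = suspicious_file_param(raw) if unquote(name) == "File" else None
            if reason:
                hits.append((number, reason, raw))
    return hits
```

Calling `scan(SAMPLE_LOG)` flags the second and third entries; the raw value is kept in each hit so an analyst can see the encoding that was used.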
