Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-37770: File upload vulnerability

Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources.

CVE
#vulnerability#web#apache#php#nginx

Description: I found a file upload vulnerability. The project layout in Apache will cause huge problems, In this vulnerability, we can use upload to change the upload path to the path without. Htaccess file. Upload an. Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, we can upload a picture with shell, treat it as PHP, execute our commands, so as to take down the whole website Resources and permissions for.

login as admin

This is the vulnerability file, directory

Find where to upload files

Upload a PHP file and visit,and Can see Forbidden

Let’s upload a. Htaccess file

You can see that the file was uploaded successfully,Then upload a. JPG file, which contains the Trojan we wrote

We visit it to execute our command

We can use it to execute any command, or use it to get all the information of the website

Let’s analyze the reason,We can see that. Htaccess file forbids access to PHP file

When uploading a. Htaccess file containing this sentence:AddType application/x-httpd-php .jpg

Jpg can be executed as a PHP file

Resolvent:

The best way to solve this vulnerability is to disable the upload of. Htaccess file and. User.ini file. The use of. Htaccess file under Apache service is dangerous. The use of. User.ini on nginx server is dangerous

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907