-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VvvebJs 1.7.4 has an arbitrary file upload vulnerability #343
Comments
Thanks for the vulnerability report, it was previously reported #339 and fixed in c6422cf it is now also included in the last release https://github.com/givanz/VvvebJs/releases/tag/1.7.5 |
I'm glad this issue will be fixed in 1.7.5, thanks to VvvebJs team for maintaining the project! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
###Summary
VvvebJs version 1.7.4 exhibits an arbitrary file upload vulnerability. An attacker can exploit this vulnerability to upload malicious files onto the server, potentially leading to the execution of arbitrary code under the context of the webserver.
Details
The vulnerability arises from the 'save.php' file as it fails to implement adequate checks on the types of files being uploaded. The 'sanitizeFileName' function is designed to remove any unsecured characters and parameters from the filename and restrict the file extension to '.html'. However, the function fails to validate the user input properly, allowing an attacker to bypass these checks.
Here is the relevant code snippet:
VvvebJs/save.php
Lines 87 to 89 in c6422cf
In the code, $_POST['file'] takes user input without proper filtering or verification. The filename provided by user input is assigned to the $file variable, which ultimately gets uploaded to the server without going through sufficient security measures.
Proof of Concept (POC)
After uploading the attacker accesses the URL:http://192.168.160.147/demo/landing/index.php
Impact
Given that this is an arbitrary file upload vulnerability, an attacker can potentially upload any type of files, including malicious PHP scripts or web shells. After successful exploitation, an attacker may leverage the ability to execute arbitrary code in the context of the webserver, enabling them to carry out further attacks, potentially gaining unauthorized access to sensitive data or escalating their privileges on the server.
It is highly recommended that developers patch this vulnerability promptly.
The text was updated successfully, but these errors were encountered: