Path Traversal in microweber/microweber
Mar 15th 2022
A Path Traversal vulnerability exists in Language export function, which allows attacker upload files to an arbitrary location in the server. By adding the special characters on filename, it can lead to a Denial Of Service Attack.
Proof of Concept
[1.] Use the credential, access to the Language export function and click to the "export" button.
[2.] By manipulating "namespace" or "locale" variables that reference files with “dot-dot-slash (../)” sequences, the attacker can store file in any locations on the server.
[3.] This vulnerability can lead to a Denial Of Services attack. On "Files Module" , It uses regular expression to remove the special characters of the uploaded files, However, by this attack, the attacker can upload the junk files whose name include special characters. "File module" could not be loaded in case of these files exist and we will receive the "500 Internal Server Error" for this response.
# Impact This vulnerability can lead to a Denial of Service Attack, It allows attacker upload files to an arbitrary location in the server.