Lucene search
Kos0ngC190E42A-4806-47AA-AA1E-FF5D6407E244HistoryDec 29, 2022 - 1:05 p.m.
Local File Read through Improper Filename Validation
2022-12-2913:05:24
kos0ng
www.huntr.dev
11
vulnerability
file read
improper validation
path traversal
import function
export function
base64 encoded
0.0004 Low
EPSS
Percentile
9.0%
Description
This vulnerability occur because there is no filename validation on logo_image_login and logo_image_header on import and export function. Attacker can use path traversal payload to leak local file such as /etc/passwd or froxlor config file.
Proof of Concept
- Go to import function on “Settings”
- Modify filename on logo_image_login or logo_image_header with path traversal payload , e.g “…/…/…/…/…/etc/passwd?v=1672300384”
- After successfully imported, go to “Settings” and go to Export page
- Click Download/Export Settings, then leaked file will be on panel.logo_image_login.image_data key on json file in base64 encoded format
Related
osv
osv
CVE-2023-0316
2023-01-16 01:15:09
Froxlor is vulnerable to path traversal
2023-01-16 03:30:25
nvd
nvd
CVE-2023-0316
2023-01-16 01:15:09
veracode
veracode
Path Traversal
2023-01-24 00:55:16
cve
cve
CVE-2023-0316
2023-01-16 01:15:09
github
github
Froxlor is vulnerable to path traversal
2023-01-16 03:30:25
prion
prion
Path traversal
2023-01-16 01:15:00
cvelist
cvelist
CVE-2023-0316 Path Traversal: '\..\filename' in froxlor/froxlor
2023-01-16 00:00:00