
Arbitrary file download vulnerability via database backup plugin 1.6.0

Open · rank0 opened this issue 5 years ago · 1 comment

The current version of the database backup plugin (1.6.0) is vulnerable to arbitrary file download; the `file` parameter value is not filtered.

1. Plugin download link: http://dl.zrlog.com/plugin/backup-sql-file.jar
2. Vulnerable file: BackupController.java

POC

http://118.24.153.47/admin/plugins/backup-sql-file/downfile?file=../../../../../../../../etc/passwd

rank0 · Apr 07 '19 10:04

@rank0 Thanks. This demo site runs in a Docker container, so /etc/passwd is not the host's password file. Will fix in next version.

94fzb · Apr 09 '19 05:04
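The root cause reported above is an unfiltered `file` parameter used to build a path. The following is an added example of how a download handler can confine that parameter to the backup directory; it is not the plugin's code, and `SafeBackupDownload`, `resolveBackupFile` and the sample dump file name are assumptions for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

// Hypothetical helper (not from the zrlog plugin): resolves a user-supplied
// "file" parameter against the backup directory and refuses anything that
// escapes it, whether via "../" components or a symlink pointing outside.
public class SafeBackupDownload {

    public static Path resolveBackupFile(Path backupDir, String requested) throws IOException {
        if (requested == null || requested.isEmpty()) {
            throw new IllegalArgumentException("missing file parameter");
        }
        // Only a bare file name is expected: reject any separator or
        // parent/current-directory component before touching the file system.
        Path name = Paths.get(requested).getFileName();
        if (name == null || !name.toString().equals(requested)
                || requested.equals("..") || requested.equals(".")) {
            throw new IllegalArgumentException("invalid file name: " + requested);
        }
        // Canonicalise both sides so symlinks are resolved, then require the
        // result to still sit under the backup directory.
        Path base = backupDir.toRealPath();
        Path candidate = base.resolve(name).toRealPath();
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes backup directory: " + requested);
        }
        if (!Files.isRegularFile(candidate)) {
            throw new IllegalArgumentException("not a regular file: " + requested);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temporary backup directory with one dump file.
        Path dir = Files.createTempDirectory("backup-demo");
        Path dump = Files.writeString(dir.resolve("zrlog-2019-04-07.sql"), "-- constructed sample dump\n");
        System.out.println("allowed: " + resolveBackupFile(dir, dump.getFileName().toString()));
        for (String bad : new String[] {"../../../../etc/passwd", "..", "sub/x.sql"}) {
            try {
                resolveBackupFile(dir, bad);
                System.out.println("unexpectedly allowed: " + bad);
            } catch (RuntimeException e) {
                System.out.println("rejected: " + bad + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The file-name check rejects traversal before any I/O, and the `toRealPath` comparison catches the remaining case of a symlink inside the backup directory that points elsewhere.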