HYBBS2
There is an arbitrary file write vulnerability in the HYBBS plugin creation function
Vulnerability overview
There is an arbitrary file write vulnerability in the plugin creation function of the HYBBS admin backend, which allows server privileges to be obtained.
Vulnerability scope
All versions prior to HYBBS 2.3.3
Vulnerability environment construction
Clone the latest HYBBS code repository locally, then deploy HYBBS with phpstudy.
Vulnerability reproduction steps
Enter test', phpinfo(),' in the plugin description field and click the OK button.
The program then reports that the plugin was created successfully.
The folder-monitoring software log shows that the program created the malicious file conf.php.
Vulnerability code analysis
Locate the code of the plugin creation function.
It can be seen that the program writes the plugin configuration (including the user-supplied description) directly into conf.php as PHP source without any escaping or validation. A single quote in the description closes the string literal, and whatever follows is executed as PHP the next time conf.php is included, resulting in an arbitrary file write that turns into code execution.
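The unsafe pattern described above shown beside a hardened version, as an added illustration (not the HYBBS source; the function names and the conf.php layout are assumed). The hardened writer validates the input against a whitelist and lets var_export() generate the PHP literal, so quotes in user input can only ever be data, never code.

```php
<?php
// Constructed illustration of the bug class described above; not HYBBS code.

// Vulnerable pattern: user-controlled text is spliced straight into PHP source.
// A single quote in $desc ends the literal early, and whatever follows runs as
// PHP the next time conf.php is included.
function writeConfUnsafe(string $dir, string $name, string $desc): void
{
    $src = "<?php\nreturn ['name' => '$name', 'desc' => '$desc'];\n";
    file_put_contents($dir . '/conf.php', $src);
}

// Hardened pattern: reject anything outside a tight whitelist, then let
// var_export() emit the literal. var_export() escapes ' and \, so the value
// stays a string no matter what it contains.
function writeConfSafe(string $dir, string $name, string $desc): void
{
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $name)) {
        throw new InvalidArgumentException('invalid plugin name');
    }
    if (!preg_match('/^[\p{L}\p{N} _.,\-]{0,200}$/u', $desc)) {
        throw new InvalidArgumentException('invalid plugin description');
    }
    $conf = ['name' => $name, 'desc' => $desc];
    $src = "<?php\nreturn " . var_export($conf, true) . ";\n";
    // Write to a temp file and rename so a half-written conf.php is never loaded.
    $tmp = $dir . '/conf.php.tmp';
    file_put_contents($tmp, $src, LOCK_EX);
    rename($tmp, $dir . '/conf.php');
}

// Check both writers with the description from the reproduction steps above.
$payload = "test', phpinfo(),'";
$dir = sys_get_temp_dir() . '/hybbs_conf_demo';
if (!is_dir($dir)) {
    mkdir($dir);
}

writeConfUnsafe($dir, 'demo', $payload);
echo file_get_contents($dir . '/conf.php');   // the quote breaks the literal open

try {
    writeConfSafe($dir, 'demo', $payload);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";  // the whitelist stops it first
}

// Even without the whitelist, var_export() would neutralise the quote:
echo var_export($payload, true), "\n";         // 'test\', phpinfo(),\''
```

Storing plugin metadata as JSON (json_encode/json_decode) instead of generated PHP removes the problem class entirely, since the file is then never executed.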