Vulnerability Information
Vulnerability Title
pwn.college has Symlink LFI in Dojo repos
Vulnerability Description
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user-specified dojos allow users (admin not required) to perform a local file inclusion (LFI) from the CTFd container. When a user clones or updates a repository, a check is performed to see whether the repository contains any symlinks. A malicious user could craft a repository with symlinks pointing to sensitive files and then retrieve them using the CTFd website.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
CWE-61
Vulnerability Title
DOJO Security Vulnerability
Vulnerability Description
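DOJO is an open-source JavaScript toolkit from pwn.college. DOJO contains a security vulnerability that stems from incorrect symlink checks on user-specified dojos, which allow a user to perform an LFI from the CTFd container. A malicious user can craft a repository with symlinks pointing to sensitive files and then retrieve them through the CTFd website.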
CVSS Information
N/A
Vulnerability Type
N/A
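
The description above turns on a symlink check run when a repository is cloned or updated. The following is an added example, not pwn.college's code or its fix: a defensive scan that rejects any symlink in a checked-out repository whose target is absolute or resolves outside the repository root. The function names, the directory layout and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

def find_unsafe_symlinks(repo_root):
    """Return sorted (path, reason) pairs for symlinks that leave the repository."""
    root = os.path.realpath(repo_root)
    findings = []
    # followlinks=False: list symlinked directories but never descend through them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            rel = os.path.relpath(path, root)
            # realpath follows the whole chain, so link -> link -> outside is caught.
            resolved = os.path.realpath(path)
            if os.path.isabs(os.readlink(path)):
                findings.append((rel, "absolute target"))
            elif os.path.commonpath([root, resolved]) != root:
                findings.append((rel, "resolves outside repository"))
    return sorted(findings)

def demo():
    """Build a constructed repository layout (hypothetical names) and scan it."""
    with tempfile.TemporaryDirectory() as base:
        repo = os.path.join(base, "repo")
        outside = os.path.join(base, "outside")
        os.makedirs(os.path.join(repo, "challenge"))
        os.makedirs(outside)
        secret = os.path.join(outside, "secret.txt")
        for f in (secret, os.path.join(repo, "challenge", "flag.txt")):
            with open(f, "w") as fh:
                fh.write("constructed sample\n")
        links = {
            "challenge/ok": "flag.txt",                   # stays inside: allowed
            "challenge/abs": secret,                      # absolute target
            "challenge/rel": "../../outside/secret.txt",  # relative escape
            "challenge/hop": "rel",                       # chain that ends outside
            "dirlink": "../outside",                      # symlinked directory
        }
        for link, target in links.items():
            os.symlink(target, os.path.join(repo, link))
        return find_unsafe_symlinks(repo)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"REJECT {rel}: {reason}")
```

A scan at clone time only covers the repository as it was at that moment, so the code that serves files should also resolve the requested path and confirm it is still under the repository root before opening it.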