Vulnerability Information
Vulnerability Title
pwn.college has Symlink LFI in Dojo repos
Vulnerability Description
pwn.college is an education platform for learning about, and practicing, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user-specified dojos allow users (admin not required) to perform a local file inclusion (LFI) from the CTFd container. When a user clones or updates repositories, a check is performed to see whether the repository contains any symlinks. A malicious user could craft a repository with symlinks pointing to sensitive files and then retrieve them using the CTFd website.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
CWE-61
Vulnerability Title
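DOJO Security Vulnerability
Vulnerability Description
DOJO is an open-source JavaScript toolkit from pwn.college. DOJO contains a security vulnerability that stems from incorrect symlink checks on user-specified dojos, which allow users to perform an LFI from the CTFd container. A malicious user could craft a repository with symlinks pointing to sensitive files and then retrieve them using the CTFd website.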
CVSS Information
N/A
Vulnerability Type
N/A