Related vulnerability
Title: Statamic code issue vulnerability (CVE-2023-47129) Description: Statamic is a flat-file CMS built on Laravel by the US company Statamic. It stores all content, templates, assets and settings in files rather than in a database. Statamic has a security vulnerability that stems from allowing an attacker to upload a crafted PHP file through an asset upload field. Affected products and versions: Statamic versions before 3.4.13 and before 4.33.0,
Description
Statamic CMS versions <4.33.0 vulnerable to "Remote Code Execution"
Introduction
# CVE-2023-47129 - Statamic CMS versions <4.33.0 - Remote Code Execution
## Description
In versions <4.33.0 of Statamic CMS, where the front end has a form with file upload enabled, it is possible to upload PHP files crafted to look like images, regardless of the MIME validation rules configured on the field. This vulnerability allows an attacker to upload arbitrary and potentially dangerous files and even execute server-side scripts.
## To Fix
Update Statamic CMS to version 4.33.0.
## Steps to Reproduce:
**1)** In a Statamic CMS installation, create a form and its respective page.
**2)** In the form blueprint, include an `Asset Field` and in the _“Validation”_ option select, for example, `mimetypes:image/jpeg`, `mimes:jpg`, `image`.
**3)** Create a polyglot JPG file containing a PHP script, for example:

```
exiftool -Comment="<?php phpinfo(); ?>" image.jpg
```
**4)** Rename this file to `image.php`.
**5)** On the form page, upload the created `image.php` file.
**6)** Now, to run this file, simply access `https://yoursite.com/assets/image.php`
_Note: replace `https://yoursite.com` with the address of your test installation._
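The root cause in the steps above is that rules such as `image` or `mimetypes:image/jpeg` look only at the file content, so a file whose body starts with JPEG magic bytes passes even when its name ends in `.php`. As an added defensive example (not code from the advisory, the PoC repository or the Statamic project), the following Python script models that content-only check next to a hardened check that also enforces an extension allow-list, rejects embedded executable extensions, requires the extension to agree with the sniffed type, and scans the body for a PHP open tag. The minimal JPEG builder, the file names and the reason strings are constructed for this demo and assume nothing about Statamic's internal validator.

```python
"""Content-only vs. hardened upload validation (added example, not project code)."""
import re

# Magic bytes for the two image formats this demo recognises
JPEG_MAGIC = b"\xff\xd8\xff"
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Allowed extension -> MIME type the content must actually match
ALLOWED = {"jpg": "image/jpeg", "jpeg": "image/jpeg", "png": "image/png"}
# Extensions a typical web server hands to the PHP interpreter
EXECUTABLE = {"php", "phtml", "php3", "php4", "php5", "php7", "phps", "phar"}
# PHP open tags: "<?php" and the echo short tag "<?="
PHP_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)


def sniff_image_type(data: bytes):
    """Return the MIME type implied by the leading magic bytes, or None."""
    if data.startswith(JPEG_MAGIC):
        return "image/jpeg"
    if data.startswith(PNG_MAGIC):
        return "image/png"
    return None


def content_only_check(filename: str, data: bytes) -> bool:
    """Models a rule like `image` / `mimetypes:image/jpeg` that trusts content
    sniffing alone: the file name is never consulted, so image.php passes."""
    return sniff_image_type(data) is not None


def hardened_check(filename: str, data: bytes) -> list:
    """Return the reasons an upload is rejected (an empty list means accepted)."""
    reasons = []
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = name.split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext not in ALLOWED:
        reasons.append(f"extension '{ext}' not in allow-list")
    # image.php.jpg style names are rejected too; some server configs still run them
    if any(p in EXECUTABLE for p in parts[1:-1]):
        reasons.append("executable extension embedded in file name")
    sniffed = sniff_image_type(data)
    if sniffed is None:
        reasons.append("content is not a recognised image")
    elif ext in ALLOWED and ALLOWED[ext] != sniffed:
        reasons.append(f"extension '{ext}' does not match sniffed type {sniffed}")
    if PHP_TAG.search(data):
        reasons.append("PHP open tag found in file body")
    return reasons


def build_jpeg_with_comment(comment: bytes) -> bytes:
    """Constructed sample: a minimal JPEG made of SOI, one COM segment and EOI.
    The COM segment is where an EXIF comment such as the one above is stored."""
    segment = b"\xff\xfe" + (len(comment) + 2).to_bytes(2, "big") + comment
    return b"\xff\xd8" + segment + b"\xff\xd9"


if __name__ == "__main__":
    # Constructed polyglot with a harmless marker tag instead of real PHP code
    polyglot = build_jpeg_with_comment(b"<?php /* constructed marker, no code */ ?>")
    print("content-only check accepts image.php:", content_only_check("image.php", polyglot))
    print("hardened check rejects image.php:", hardened_check("image.php", polyglot))
```

Running the script shows the content-only rule accepting `image.php` because the body starts with JPEG magic, while the hardened check reports both the disallowed extension and the PHP tag. Storing uploads outside the web root or with script execution disabled for the assets directory is the complementary server-side mitigation, since no validator can anticipate every polyglot.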
### Reference
* [GHSA-72hg-5wr5-rmfc](https://github.com/statamic/cms/security/advisories/GHSA-72hg-5wr5-rmfc)
File snapshot
[4.0K] /data/pocs/6db9a8c33ef7cb0a950e10fa393186d4bc1a9bc3
└── [1.2K] README.md
0 directories, 1 file
Notes
1. It is recommended to access the PoC through its original source first.
2. If the source is no longer available or cannot be accessed, please send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for or donating to the local POC. Thank you for your support.