Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-9205 PoC — avatar_uploader 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-9205.yaml
Associated Vulnerability
Title:avatar_uploader 安全漏洞 (CVE-2018-9205)
Description:avatar_uploader是Drupal社区所维护的一套内容管理系统中的用于实现上传用户图片功能的模块。 avatar_uploader 7.x-1.0-beta8版本中存在安全漏洞,该漏洞源于view.php文件中的代码没有校验用户或过滤文件路径。攻击者可利用该漏洞下载任意文件。
Description
In avatar_uploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files.
File Snapshot

 id: CVE-2018-9205

info:
  name: Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion
  auth

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.