Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-32235 PoC — Ghost 路径遍历漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-32235.yaml
Associated Vulnerability
Title:Ghost 路径遍历漏洞 (CVE-2023-32235)
Description:Ghost CMS是新加坡Ghost基金会的一套使用JavaScript编写的开源无头内容管理系统(CMS)。 Ghost 5.42.1 之前版本存在安全漏洞,该漏洞源于frontend/web/middleware/static-theme.js存在安全问题,攻击者利用该漏洞可以通过目录遍历读取活动主题文件夹内的任意文件。
Description
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.
File Snapshot

 id: CVE-2023-32235

info:
  name: Ghost CMS < 5.42.1 - Path Traversal
  author: j3ssie
  severity: h

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.