[Commotion-admin] [commotion-apps] Arbitrary file removal in add local applications form ‘uuid’ parameter (High) (#13)

areynold notifications at github.com
Mon Sep 9 15:46:16 UTC 2013


In the same code snippet as described in #11, arbitrary file
removal is possible:

https://github.com/opentechinstitute/commotion-apps/blob/3bcf912eec5d3b7b0192cf4c21e334c6775ec482/lua/luci/controller/commotion/apps_controller.lua#L534-L543

To exploit this vulnerability, the attacker should set up a new application (unique name, IP address/port pair) and perform path traversal in the uuid parameter to remove an arbitrary file.

Originally reported as WRT-01-008

---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/commotion-apps/issues/13
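As an added example (not code from the commotion-apps repository and not from the reporter), the Lua below contrasts the pattern the report describes, a uuid request parameter spliced into a filesystem path and handed to os.remove, with a hardened version that accepts only canonical UUID text before touching the filesystem. The base directory, function names and sample inputs are assumptions for illustration and do not come from the linked controller.

```lua
-- Added illustration only; not the commotion-apps controller code.
-- BASE is an assumed storage directory for per-application files.
local BASE = "/tmp/commotion-apps-example/"

-- Unsafe: the uuid is interpolated into the path unchecked, so a value such as
-- "../../etc/passwd" escapes BASE and os.remove deletes whatever it resolves to.
local function remove_app_unsafe(uuid)
  return os.remove(BASE .. uuid)
end

-- Allow-list check: exactly 8-4-4-4-12 hexadecimal groups, nothing else.
-- An allow-list is preferred over stripping "../", because repeated or encoded
-- traversal sequences slip past naive stripping.
local function is_uuid(s)
  return type(s) == "string"
     and s:match("^%x%x%x%x%x%x%x%x%-%x%x%x%x%-%x%x%x%x%-%x%x%x%x%-%x%x%x%x%x%x%x%x%x%x%x%x$") ~= nil
end

-- Hardened: reject anything that is not a UUID before it reaches the filesystem.
local function remove_app_safe(uuid)
  if not is_uuid(uuid) then
    return nil, "invalid uuid"
  end
  return os.remove(BASE .. uuid)
end

-- Constructed sample inputs: one valid UUID, three traversal/malformed values.
local samples = {
  "550e8400-e29b-41d4-a716-446655440000",
  "../../etc/passwd",
  "550e8400-e29b-41d4-a716-446655440000/../../etc/passwd",
  "abc",
}
for _, v in ipairs(samples) do
  print(string.format("%-60s accepted=%s", v, tostring(is_uuid(v))))
end
```

Only the first sample passes is_uuid; the other three are refused by remove_app_safe with "invalid uuid" and never reach os.remove, whereas remove_app_unsafe would attempt to delete them relative to BASE.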

