ICMS 8.0.0后台任意文件读取0day漏洞分析

Author: 颖奇L’Amore

Blog: www.gem-love.com


前言

这个洞一年前就挖到了,然后2月份给了今年中旬比赛的XCTF Final(但是这个洞用不了因为题目需要RCE),因为比较久远,一直给忘记了。漏洞也是直接报给了开发者修复。

exploit

image-20210601155508441

image-20210601155517358

Analyse

$RootPath directly path splicing

_get_resource() return the path to iTemplateLite->_fetch_compile()

image-20210601165450703

Then it will be rendered.

Author: Y1ng
Link: https://www.gem-love.com/2021/12/10/ICMS-8-0-0后台任意文件读取0day漏洞分析/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.
【腾讯云】热门云产品首单特惠秒杀,2核2G云服务器45元/年    【腾讯云】境外1核2G服务器低至2折,半价续费券限量免费领取!