Description
Invicti uploaded a ZIP file containing a symlink to /etc/passwd. The web application appears to have processed this file and returned the contents of /etc/passwd in its response.
Remediation
The web application should filter symlinks included inside ZIP files.
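One way to implement this filter before an upload reaches any extractor, as an added example (not Invicti's code or the affected application's). The function names and the sample archive are assumptions constructed for illustration:

```python
import io
import stat
import zipfile


def symlink_entries(zip_bytes):
    """Return the names of archive members whose Unix mode marks them as symlinks."""
    names = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # The upper 16 bits of external_attr carry the Unix st_mode.
            mode = info.external_attr >> 16
            # Conservative: flag on the mode bits whatever create_system claims.
            if stat.S_ISLNK(mode):
                names.append(info.filename)
    return names


def validate_upload(zip_bytes):
    """Reject the whole archive if it contains any symlink member."""
    links = symlink_entries(zip_bytes)
    if links:
        raise ValueError("ZIP rejected, symlink members: " + ", ".join(links))
    return True


def build_sample(with_symlink):
    """Constructed test input: a small ZIP, optionally with one symlink member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        if with_symlink:
            link = zipfile.ZipInfo("link.txt")
            link.create_system = 3  # Unix
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "/etc/passwd")  # member data is the link target
    return buf.getvalue()


if __name__ == "__main__":
    print(symlink_entries(build_sample(True)))
    print(validate_upload(build_sample(False)))
```

Rejecting the archive outright, rather than skipping the symlink member, keeps the decision simple and leaves a clear log entry for the upload.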
Related Vulnerabilities
WordPress Plugin WordPress Backup to Dropbox Information Disclosure (4.7.1)
WordPress Plugin Credova_Financial Information Disclosure (1.4.8)
WordPress 5.7.x Multiple Vulnerabilities (5.7 - 5.7.7)
WordPress Plugin How to Create an App for Android iPhone Easytouch Arbitrary File Upload (3.0)
WordPress Plugin WP Activity Log Information Disclosure (3.1.1)