Wednesday, March 27, 2013

HTB23147: AWS XMS path traversal vulnerability

AWS XMS

A path traversal vulnerability has been discovered in AWS XMS version 2.5 by HTB Security Research Lab. It can be exploited to read the contents of arbitrary files.

The vulnerability exists due to insufficient filtering of the "what" HTTP GET parameter passed to the "importer.php" script before it is used in the PHP "file()" function. A remote attacker can read the contents of arbitrary files on the target system.

The Proof of Concept (PoC) code for this vulnerability in AWS XMS 2.5 uses the wget utility to download the source code of the "default.php" file, which contains application configuration data and administrator credentials. See more in the HTB23147 advisory.

Upgrade your AWS XMS installation to version 2.6 to stay safe, or remove the "/importer.php" script from your system.
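To check whether an installation was probed before it was upgraded, the web server access log can be searched for "importer.php" requests whose "what" parameter points outside the expected directory. The script below is an added example, not part of the HTB23147 advisory or of AWS XMS. It assumes common/combined-format access logs, and the sample log lines, addresses and file names in it are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request portion of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %252f) for up to max_rounds passes."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the value has a '..' path segment or is an absolute path."""
    path = fully_decode(value).replace("\\", "/")
    if path.startswith("/") or re.match(r"^[A-Za-z]:/", path):
        return True
    return ".." in path.split("/")

def suspicious_requests(lines):
    """Return (line_number, decoded 'what' value) for flagged importer.php hits."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/importer.php"):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("what", []):
            if is_traversal(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Mar/2013:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [27/Mar/2013:10:00:05 +0000] "GET /importer.php?what=news.xml HTTP/1.1" 200 310',
    '198.51.100.7 - - [27/Mar/2013:10:02:11 +0000] "GET /importer.php?what=../example/file.txt HTTP/1.1" 200 2048',
    '198.51.100.7 - - [27/Mar/2013:10:02:19 +0000] "GET /xms/importer.php?what=..%252f..%252fexample%252ffile.txt HTTP/1.1" 200 2048',
    '198.51.100.7 - - [27/Mar/2013:10:02:30 +0000] "GET /importer.php?what=%2Fexample%2Fabsolute.txt HTTP/1.1" 200 99',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: what={value!r}")
```

A flagged request that returned status 200 while version 2.5 was installed is a reason to treat the credentials stored in "default.php" as exposed and rotate them.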
