doorGets v7.0 will leak absolute path in FILE UPLOAD.

A leaked absolute path vulnerability was discovered in doorGets v7.0.
There is a leaked absolute path vulnerability in ARTICLE if I upload file.
http://192.168.187.130/doorgets/dg-user/cn/?controller=moduleblog&uri=blog&lg=cn

First, add the article.
http://192.168.187.130/doorgets/dg-user/cn/?controller=moduleblog&uri=blog&action=add
<img width="1667" alt="image" src="https://user-images.githubusercontent.com/27290132/74915525-5b322400-53ff-11ea-94b9-a8a3ad47830e.png">

Then, upload file.
<img width="1339" alt="image" src="https://user-images.githubusercontent.com/27290132/74915595-77ce5c00-53ff-11ea-8597-a39db20f0848.png">

File upload success and returned data packets
<img width="1232" alt="image" src="https://user-images.githubusercontent.com/27290132/74915398-1c03d300-53ff-11ea-92a6-ffdbe1c304a3.png">

Modify the content-type value to text/html, you will find the absolute path in the packet.
<img width="1241" alt="image" src="https://user-images.githubusercontent.com/27290132/74915413-21611d80-53ff-11ea-9876-237d2c51aafb.png">


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

doorGets v7.0 will leak absolute path in FILE UPLOAD. #17

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

doorGets v7.0 will leak absolute path in FILE UPLOAD. #17

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions