@b33t1e
Created March 30, 2023 03:01
[description]
An arbitrary file upload vulnerability in Halo up to v1.6.1 allows
attackers to execute arbitrary code via a crafted .md file.
>
------------------------------------------
>
[VulnerabilityType Other]
File Upload
>
------------------------------------------
>
[Vendor of Product]
https://github.com/halo-dev/halo
>
------------------------------------------
>
[Affected Product Code Base]
halo - <= Version 1.6.1
>
------------------------------------------
>
[Affected Component]
The API endpoint /api/admin/backups/markdown/import is vulnerable to malicious file upload.
>
------------------------------------------
>
[Attack Type]
Remote
>
------------------------------------------
>
[Impact Code execution]
true
>
------------------------------------------
>
[Impact Information Disclosure]
true
>
------------------------------------------
>
[Attack Vectors]
PoC: upload a malicious file whose content is JavaScript code, such as <script>alert("XSS")</script>. When the article is viewed, the JS code is executed.
Details: https://notes.sjtu.edu.cn/s/s5oEvs-p5
>
------------------------------------------
>
[Discoverer]
beet1e
>
------------------------------------------
>
[Reference]
http://halo.com
https://github.com/halo-dev/halo
https://notes.sjtu.edu.cn/s/s5oEvs-p5
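
An added example, not part of the original advisory or of Halo's code: a fail-closed gate for a Markdown import like the one named under [Affected Component], reporting every raw HTML construct in an uploaded .md file before it is stored. The function names, result shape and sample inputs are assumptions made for illustration.

```javascript
// Added example, not Halo code: reviewMarkdownImport() and escapeRawHtml()
// are hypothetical helpers for a gate in front of a Markdown importer.

// Start of a tag, closing tag, comment, declaration or processing
// instruction: what a Markdown renderer may pass through as raw HTML.
const RAW_HTML = /<(\/?[A-Za-z][A-Za-z0-9-]*|!--|![A-Za-z]|\?)/g;

function reviewMarkdownImport(fileName, content) {
  const findings = [];
  content.split(/\r\n|\r|\n/).forEach((line, idx) => {
    for (const m of line.matchAll(RAW_HTML)) {
      findings.push({
        file: fileName,
        line: idx + 1,
        column: m.index + 1,
        construct: m[1].toLowerCase(),
        excerpt: line.slice(m.index, m.index + 40),
      });
    }
  });
  // Fail closed: code blocks are not exempted, because only the renderer's
  // own parser can say which spans it will treat as code.
  return { accept: findings.length === 0, findings };
}

// Alternative to rejecting the upload: keep the text but make sure no tag
// can start. Code samples in the file will then show "&lt;" literally.
function escapeRawHtml(content) {
  return content.replace(/</g, "&lt;");
}

// Constructed sample inputs (the second embeds the payload quoted above).
const SAMPLE_CLEAN = "# Title\n\nPlain *text* where a < b, plus `code`.\n";
const SAMPLE_CRAFTED = '# Post\n\nHello\n<script>alert("XSS")</script>\n';

for (const [name, body] of [["clean.md", SAMPLE_CLEAN], ["crafted.md", SAMPLE_CRAFTED]]) {
  const result = reviewMarkdownImport(name, body);
  console.log(name, result.accept ? "accepted" : "rejected", result.findings);
}
```

A source-level gate like this complements, and does not replace, sanitising the HTML the renderer finally emits.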