I found a very simple path traversal vulnerability in RuubikCMS 1.1.1, which can be exploited to list the files and folders available on the operating system. I tested it on Windows.
Vulnerable links:
[Screenshot: File and directory names listing]
- By exploiting the vulnerability in this page, we can list the files and directories present on the server, but I observed that .php files are not shown.
[Screenshot: Folder created in the Xampp directory]
- Using the above URL, we can create folders wherever we want.
[Screenshot: File uploaded in the Xampp root directory]
- Using the directory traversal, we can upload files into a chosen directory: first hit the above URL, which internally sets the path (to "c:\xampp" in my case); then, when you select a file and click the upload button, it is written into the "xampp" directory.
- We could go ahead and upload a PHP shell, but in this case the attempt throws a permission error; ".html" files, however, can be uploaded wherever we want.
[Screenshot: Files deleted from the Xampp directory (hack.txt)]
- Exploiting the same vulnerability in the edit.php page, we can delete files: select the directory with the traversal above, then delete the files listed.
- I observed that files in important directories such as "php" were not deleted by this procedure.
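The root cause in each of the pages above is the same: a client-supplied directory value reaches a filesystem call (list, mkdir, upload, delete) without being confined to a fixed root. The following is an added example of that confinement, not RuubikCMS code; the `UPLOAD_ROOT` location and the function names `resolveInsideRoot` and `targetInsideRoot` are hypothetical.

```php
<?php
// Added example, not RuubikCMS code: confine a user-supplied directory
// parameter to one upload root before listing, creating, uploading or deleting.
declare(strict_types=1);
const UPLOAD_ROOT = __DIR__ . '/uploads'; // assumed location of the upload root

// Resolve $userDir relative to $root; return the canonical absolute path,
// or null if it does not exist or lies outside $root.
function resolveInsideRoot(string $root, string $userDir): ?string
{
    // Reject NUL bytes, absolute paths and Windows drive letters outright.
    if (strpos($userDir, "\0") !== false || preg_match('#^([A-Za-z]:|[/\\\\])#', $userDir)) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // realpath() collapses ".." and symlinks, so the prefix test is on the real location.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . $userDir);
    if ($candidate === false) {
        return null; // target does not exist
    }
    // Trailing separator so that "uploads2" is not accepted as inside "uploads".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($candidate !== $rootReal && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// For mkdir and upload the target does not exist yet: validate its parent
// directory, then append a single sanitized name component.
function targetInsideRoot(string $root, string $userDir, string $name): ?string
{
    $parent = resolveInsideRoot($root, $userDir);
    $name = basename($name); // strip any directory part the client sent
    if ($parent === null || $name === '' || $name === '.' || $name === '..' || strpos($name, "\0") !== false) {
        return null;
    }
    return $parent . DIRECTORY_SEPARATOR . $name;
}

// Vulnerable pattern (what the write-up describes): the directory parameter
// feeds the filesystem call directly, so a value containing ".." leaves the root.
//   $entries = scandir($_GET['dir']);
// Hardened pattern:
$dir = resolveInsideRoot(UPLOAD_ROOT, $_GET['dir'] ?? '');
if ($dir === null) { http_response_code(400); exit('invalid directory'); }
$entries = scandir($dir); // canonical and inside UPLOAD_ROOT
```

The same `resolveInsideRoot` check guards the delete path, and `targetInsideRoot` guards folder creation and upload, so every page shown above shares one containment rule; server-side logging of rejected values is a useful detection signal for probing.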