Conversation

hh-hunter
Contributor

WordPress Plugin DZS Zoomsounds 6.45 - Arbitrary File Read (Unauthenticated, CVE-2021-39316)

The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences in the "link" parameter of the "dzsap_download" action. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Docker-compose

You can deploy the vulnerable version of WordPress Plugin DZS Zoomsounds by running in docker-compose:

docker-compose -f docker-compose.yml up

It takes several minutes before the service can be accessed normally; the exposed web service port is [8080].

@alessandro-Doyensec
Contributor

Hey @hh-hunter, thanks for your contribution!

In order to proceed, we need to set up both a vulnerable and a non-vulnerable version. You can either create a separate docker-compose.yml for the non-vulnerable version, or integrate it directly into the existing one by exposing it on a different port.

Since the issue is relatively straightforward, could you provide the reproduction steps to verify that the images are correctly set up?

Just something like this will work:

curl "http://localhost:8080/?action=dzsap_download&link=../../../../../../../../../../../../../etc/passwd"
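As an added, defender-side example that is not part of this pull request: a small log detector for the request pattern discussed above. It parses constructed Apache-style access log lines, isolates requests for the `dzsap_download` action, percent-decodes the `link` parameter repeatedly (so double-encoded variants are caught too), and flags values that walk upward with `..` segments. The log lines, IP addresses and file names are constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Minimal Apache combined/common log parser: we only need the client IP,
# the request target (path + query string) and the status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing, so that a double-encoded
    sequence such as %252e%252e%252f is reduced to ../ before inspection."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(link: str) -> bool:
    """True when the decoded link contains a '..' path segment (backslashes
    are normalised to '/' first so Windows-style separators are not missed)."""
    decoded = fully_decode(link).replace("\\", "/")
    return ".." in decoded.split("/")

def flag_request(line: str):
    """Return (client_ip, decoded_link) for a dzsap_download request whose
    'link' parameter traverses upward; None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
    if "dzsap_download" not in query.get("action", []):
        return None
    for link in query.get("link", []):
        if is_traversal(link):
            return m.group("ip"), fully_decode(link)
    return None

def scan_log(text: str):
    """Run flag_request over every line and keep the hits, in log order."""
    return [hit for hit in (flag_request(l) for l in text.splitlines()) if hit]

# Constructed sample: two traversal attempts (one double-encoded), one benign
# download of a plugin-managed file, and one unrelated request.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /?action=dzsap_download&link=../../../../etc/passwd HTTP/1.1" 200 1024
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /?action=dzsap_download&link=..%252f..%252fwp-config.php HTTP/1.1" 200 2048
198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET /?action=dzsap_download&link=audio/track1.mp3 HTTP/1.1" 200 512
198.51.100.9 - - [10/Oct/2023:13:56:05 +0000] "GET /wp-login.php HTTP/1.1" 200 300
"""

if __name__ == "__main__":
    for ip, link in scan_log(SAMPLE_LOG):
        print(f"traversal via dzsap_download from {ip}: {link}")
```

A 200 status on a flagged line is the signal that the instance is still running the vulnerable plugin version and the file was actually served.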
