| Field | Value |
|---|---|
| Title | https://github.com/iJason-Liu/Books_Manager Books_Manager 1.0 File Upload |
| Description | Vulnerability introduction<br>Version 1.0 of Books_Manager has an arbitrary file upload vulnerability in the upload_bookCover.php interface, because the interface does not check the file extension. An attacker can upload a file of any type, which may result in getshell (a web shell on the server) and more serious consequences.<br>Vulnerability analysis<br>Vulnerable file: controllers/books_center/upload_bookCover.php<br>The backend logic does not validate the file type.<br>Validation of the upload type is performed only on the frontend, in the administrator/books_center/add_book.php file.<br>Vulnerability reproduction<br>Use Burp Suite to modify the request.<br>Find the path of the webshell: https://lib.crayon.vip/upload/bookCover/1768292566_chuizi.php<br>Use a tool to connect to the webshell. |
| Source | https://blog.y1fan.work/2026/01/13/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0getshell/ |
| User | y1fan (UID 94467) |
| Submitted | 13/01/2026 09:45 AM (5 months ago) |
| Moderation | 26/01/2026 03:58 PM (13 days later) |
| Status | Approved |
| VulDB Entry | 342874 [iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c upload_bookCover.php book_cover permission bypass] |
| Points | 20 |