| Titel | There is a backend getshell vulnerability in Easyadmin8 |
|---|
| Beschreibung |
Enter the backend, find the configuration options, and add the upload type PHP
http://localhost/admin/index/index.html#/admin/system.uploadfile/index.html
Click on product management options: http://www.easyadmin8.com/admin/index/index.html#/admin/mall.goods/index.html
add a new product
click image icon
upload a.php
then getshell
Fix for file upload vulnerability:
The upload module needs to exist on the website, and permission authentication needs to be done to prevent anonymous users from accessing it.
The file upload directory is set to prohibit script file execution. Even if the dynamic script of the uploaded backdoor cannot be parsed, causing the attacker to abandon this attack path.
Set up a whitelist for uploading, which only allows images to be uploaded, such as jpg png gif. Other files are not allowed to be uploaded.
The uploaded suffix name must be set to an image format such as jpg png gif. |
|---|
| Quelle | ⚠️ https://github.com/wolf-leo/EasyAdmin8/issues/1 |
|---|
| Benutzer | XMAO (UID 18088) |
|---|
| Einreichung | 12.07.2023 13:15 (vor 3 Jahren) |
|---|
| Moderieren | 20.07.2023 10:18 (8 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 235068 [EasyAdmin8 2.0.2.2 File Upload index.html erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|