| Título | https://github.com/iJason-Liu/Books_Manager Books_Manager 1.0 File Upload |
|---|
| Descripción | Vulnerability Introduction
The 1.0 version of Books_Manager’s upload_bookCover.php interface has an arbitrary file upload vulnerability, as its interface does not detect file suffixes. Attackers can upload any type of file, which may result in getshell and more serious consequences.
Vulnerability analysis
Vulnerability file:controllers/books_center/upload_bookCover.php
The backend logic does not validate the file type.
Validation of the upload type was performed only on the frontend,in administrator/books_center/add_book.php file
Vulnerability reproduction
use BurpSuite to change request
Find the path of webshell
https://lib.crayon.vip/upload/bookCover/1768292566_chuizi.php
Use tools to connect webshell |
|---|
| Fuente | ⚠️ https://blog.y1fan.work/2026/01/13/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0getshell/ |
|---|
| Usuario | y1fan (UID 94467) |
|---|
| Sumisión | 2026-01-13 09:45 (hace 5 meses) |
|---|
| Moderación | 2026-01-26 15:58 (13 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 342874 [iJason-Liu Books_Manager hasta 298ba736387ca37810466349af13a0fdf828e99c upload_bookCover.php book_cover escalada de privilegios] |
|---|
| Puntos | 20 |
|---|