| Título | UCMS 1.6 fileedit.php Bypass Limit Arbitrary File Upload Vulnerability |
|---|
| Descripción | Vulnerability description:
The vulnerability lies in /ucms/sadmin/fileedit.php file, The file suffix verification can be bypassed by modifying the POST packet, so as to achieve arbitrary file upload.
Log in to the system file management module.
First upload a txt type file, then edit and change the content to a php Trojan.Save the modified file, then grab the data request package,In the process, change file=result.txt to file=333.php.
Then access the uploaded file 333.php. Get webshell. |
|---|
| Fuente | ⚠️ https://github.com/yztale/taley/blob/main/README.md |
|---|
| Usuario | tale (UID 40171) |
|---|
| Sumisión | 2023-03-09 07:26 (hace 3 años) |
|---|
| Moderación | 2023-03-09 22:48 (15 hours later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 222683 [UCMS 1.6 System File Management sadmin/fileedit.php Archivo escalada de privilegios] |
|---|
| Puntos | 20 |
|---|