| Title | The simple and beautiful PHP shopping cart system has a file upload vulnerability. |
|---|
| Description | The simple and beautiful PHP shopping cart system has a file upload vulnerability.
Vulnerability file location: /mkshop/Men/profile.php
Look at this source code:
```
$upload_dir = 'profile/';
$imgExt = strtolower(pathinfo($imgFile, PATHINFO_EXTENSION));
$valid_extensions = array('jpeg', 'jpg', 'png', 'gif');
```
Here, users are allowed to upload other files, such as PHP files, and can construct a webshell to upload to the website, maliciously attack the website, and get the permissions of the website.
https://s1.ax1x.com/2022/08/14/vUSyHH.png
Source link
https://www.sourcecodester.com/php/12579/simple-and-nice-shopping-cart-script.html |
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/12579/simple-and-nice-shopping-cart-script.html |
|---|
| User | qidian (UID 30810) |
|---|
| Submit | 2022-08-19 14:58 (4 years ago) |
|---|
| Moderation | 2022-08-19 21:42 (7 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 206845 [SourceCodester Simple and Nice Shopping Cart Script /mkshop/Men/profile.php privilege escalation] |
|---|
| Points | 20 |
|---|
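
Added example (not code from the script or from the submission): one way an upload handler could enforce the extension allowlist quoted in the description, so that a file outside it is rejected before it reaches `profile/`. The function name `store_profile_image`, the size limit, and the form field name `user_image` are assumptions.

```php
<?php
// Hypothetical hardened handler; all names and limits here are assumptions.
const UPLOAD_DIR = __DIR__ . '/profile/';
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = [            // extension => MIME type expected for it
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

function store_profile_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an HTTP upload');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Reject anything whose extension is not on the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }
    // Inspect the file content; the client-supplied Content-Type is untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Store under a server-generated name so the client controls no part of the path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Usage (field name is hypothetical):
// $stored = store_profile_image($_FILES['user_image']);
```

The upload directory should additionally be configured so the web server never executes scripts from it, which limits the impact if a check is bypassed.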