| タイトル | UCMS 1.6 fileedit.php Bypass Limit Arbitrary File Upload Vulnerability |
|---|
| 説明 | Vulnerability description:
The vulnerability lies in /ucms/sadmin/fileedit.php file, The file suffix verification can be bypassed by modifying the POST packet, so as to achieve arbitrary file upload.
Log in to the system file management module.
First upload a txt type file, then edit and change the content to a php Trojan.Save the modified file, then grab the data request package,In the process, change file=result.txt to file=333.php.
Then access the uploaded file 333.php. Get webshell. |
|---|
| ソース | ⚠️ https://github.com/yztale/taley/blob/main/README.md |
|---|
| ユーザー | tale (UID 40171) |
|---|
| 送信 | 2023年03月09日 07:26 (3 年 ago) |
|---|
| モデレーション | 2023年03月09日 22:48 (15 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 222683 [UCMS 1.6 System File Management sadmin/fileedit.php ファイル 特権昇格] |
|---|
| ポイント | 20 |
|---|