| 제목 | Arbitrary file upload exists in Alphaware e-Commerce system |
|---|
| 설명 | Any file upload
Enter the background management page
admin_feature.php add a product
You need to add files here, you can upload any file
Upload a malicious php file
<?php @eval($_REQUEST[c]);?>
The file is uploaded successfully, check the product image to find the php file path
Access the php file and execute the phpinfo command
Please see github for details
https://github.com/895515845/Alphaware-E-Commerce-System/blob/main/Alphaware_file.md |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2022. 08. 05. PM 06:35 (4 연령 ago) |
|---|
| 모더레이션 | 2022. 08. 05. PM 08:45 (2 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 205666 [SourceCodester Alphaware Simple E-Commerce System Background Management Page admin_feature.php 권한 상승] |
|---|
| 포인트들 | 17 |
|---|