| 제목 | https://github.com/iJason-Liu/Books_Manager Books_Manager 1.0 File Upload |
|---|
| 설명 | Vulnerability Introduction
The 1.0 version of Books_Manager’s upload_bookCover.php interface has an arbitrary file upload vulnerability, as its interface does not detect file suffixes. Attackers can upload any type of file, which may result in getshell and more serious consequences.
Vulnerability analysis
Vulnerability file:controllers/books_center/upload_bookCover.php
The backend logic does not validate the file type.
Validation of the upload type was performed only on the frontend,in administrator/books_center/add_book.php file
Vulnerability reproduction
use BurpSuite to change request
Find the path of webshell
https://lib.crayon.vip/upload/bookCover/1768292566_chuizi.php
Use tools to connect webshell |
|---|
| 원천 | ⚠️ https://blog.y1fan.work/2026/01/13/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0getshell/ |
|---|
| 사용자 | y1fan (UID 94467) |
|---|
| 제출 | 2026. 01. 13. AM 09:45 (5 개월 ago) |
|---|
| 모더레이션 | 2026. 01. 26. PM 03:58 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 342874 [iJason-Liu Books_Manager 까지 298ba736387ca37810466349af13a0fdf828e99c upload_bookCover.php book_cover 권한 상승] |
|---|
| 포인트들 | 20 |
|---|