| 제목 | UCMS 1.6 fileedit.php Bypass Limit Arbitrary File Upload Vulnerability |
|---|
| 설명 | Vulnerability description:
The vulnerability lies in /ucms/sadmin/fileedit.php file, The file suffix verification can be bypassed by modifying the POST packet, so as to achieve arbitrary file upload.
Log in to the system file management module.
First upload a txt type file, then edit and change the content to a php Trojan.Save the modified file, then grab the data request package,In the process, change file=result.txt to file=333.php.
Then access the uploaded file 333.php. Get webshell. |
|---|
| 원천 | ⚠️ https://github.com/yztale/taley/blob/main/README.md |
|---|
| 사용자 | tale (UID 40171) |
|---|
| 제출 | 2023. 03. 09. AM 07:26 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 03. 09. PM 10:48 (15 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 222683 [UCMS 1.6 System File Management sadmin/fileedit.php 파일 권한 상승] |
|---|
| 포인트들 | 20 |
|---|