Title | Arbitrary file upload exists in Alphaware e-Commerce system |
---|
Description | Any file upload
Enter the background management page
admin_feature.php add a product
You need to add files here, you can upload any file
Upload a malicious php file
<?php @eval($_REQUEST[c]);?>
The file is uploaded successfully, check the product image to find the php file path
Access the php file and execute the phpinfo command
Please see github for details
https://github.com/895515845/Alphaware-E-Commerce-System/blob/main/Alphaware_file.md |
---|
Submission | 2022-08-05 18:35 (2 years ago) |
---|
Moderation | 2022-08-05 20:45 (2 hours later) |
---|
Status | Przyjęty |
---|
VulDB Entry | 205666 |
---|