| Title | The laiketui program has a remote code execution vulnerability |
|---|
| Description | php版本
路径:LKT/webapp/modules/api/actions/userAction.class.php
POST /LKT/index.php?module=api&action=user&m=upload HTTP/1.1
Host:
Accept: */*
Accept-Encoding: identity
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=--------------------------371918364269932091066326
这个url直接以multipart/form-data的post数据格式直接写入一句话木马,然后就会返回其文件名,然后antsword连接就可以 |
|---|
| Source | ⚠️ https://github.com/bettershop/LaikeTui |
|---|
| User | p1nk (UID 40417) |
|---|
| Submission | 08/23/2023 21:01 (3 years ago) |
|---|
| Moderation | 08/27/2023 08:15 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 238160 [Bettershop LaikeTui POST Request index.php?module=api&action=user&m=upload unrestricted upload] |
|---|
| Points | 20 |
|---|