| Title | croogo.org croogo v4.0.7 Upload |
|---|---|
| Description | Log in to the backend as a user and navigate to the "admin/settings/settings/prefix/Theme" page. Upload a PHP shell file, using the Burp Suite tool to intercept the request. Modify the "Content-Type" in the request to "image/jpeg" and add the "GIF89a" file header at the beginning of the data content. This allows the file to be uploaded successfully. |
| Source | ⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE-1.md |
| User | Dee.Mirage (UID 71702) |
| Submission | 07/10/2024 05:48 (2 years ago) |
| Moderation | 07/10/2024 12:35 (7 hours later) |
| Status | Accepted |
| VulDB entry | 271053 [Croogo up to 4.0.7 Setting Theme Content-Type unrestricted upload] |
| Points | 18 |