| Title | UCMS 1.6 fileedit.php Bypass Limit Arbitrary File Upload Vulnerability |
|---|
| Description | Vulnerability description:
The vulnerability lies in /ucms/sadmin/fileedit.php file, The file suffix verification can be bypassed by modifying the POST packet, so as to achieve arbitrary file upload.
Log in to the system file management module.
First upload a txt type file, then edit and change the content to a php Trojan.Save the modified file, then grab the data request package,In the process, change file=result.txt to file=333.php.
Then access the uploaded file 333.php. Get webshell. |
|---|
| Source | ⚠️ https://github.com/yztale/taley/blob/main/README.md |
|---|
| User | tale (UID 40171) |
|---|
| Submission | 03/09/2023 07:26 (3 years ago) |
|---|
| Moderation | 03/09/2023 22:48 (15 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 222683 [UCMS 1.6 System File Management sadmin/fileedit.php unrestricted upload] |
|---|
| Points | 20 |
|---|