| 标题 | The simple and beautiful PHP shopping cart system has a file upload vulnerability. |
|---|
| 描述 | The simple and beautiful PHP shopping cart system has a file upload vulnerability.
Vulnerability file location: / mkshop / Men / profile.php
look at this source code
```
$upload_ dir = 'profile/';
$imgExt = strtolower(pathinfo($imgFile,PATHINFO_EXTENSION));
$valid_ extensions = array('jpeg', 'jpg', 'png', 'gif');
```
Here, users are allowed to upload other files, such as PHP files, and can construct webshell to upload to the website, maliciously attack the website, and get the permission of the website.
https://s1.ax1x.com/2022/08/14/vUSyHH.png
Source link
https://www.sourcecodester.com/php/12579/simple-and-nice-shopping-cart-script.html |
|---|
| 来源 | ⚠️ https://www.sourcecodester.com/php/12579/simple-and-nice-shopping-cart-script.html |
|---|
| 用户 | qidian (UID 30810) |
|---|
| 提交 | 2022-08-19 14時58分 (4 年前) |
|---|
| 管理 | 2022-08-19 21時42分 (7 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 206845 [SourceCodester Simple and Nice Shopping Cart Script /mkshop/Men/profile.php 权限提升] |
|---|
| 积分 | 20 |
|---|