| 标题 | SourceCodester SourceCodester KLiK Social Media Website v1.0.1 Unrestricted Upload |
|---|
| 描述 | Unrestricted file upload vulnerability in upload.inc.php and related files allows unauthenticated attackers to upload arbitrary files (including PHP web shells) to the ./uploads/ directory. Although the filename is renamed with uniqid(), insufficient content validation and potential server misconfiguration can lead to remote code execution (RCE).
Create a malicious file containing PHP code (e.g., <?php system($_GET['cmd']); ?>).
Rename the file with an allowed extension (e.g., shell.jpg).
Submit the file via the upload form (parameter name dp).
The server renames the file using uniqid() but preserves the allowed extension.
If the ./uploads/ directory is web-accessible and the server executes PHP code regardless of extension (misconfiguration), the attacker can trigger the payload.
Example exploitation request (after upload):
GET /uploads/5f1a2b3c4d5e6f.jpg?cmd=id HTTP/1.1 |
|---|
| 来源 | ⚠️ https://github.com/msaad1999/KLiK-SocialMediaWebsite |
|---|
| 用户 | g111 (UID 92409) |
|---|
| 提交 | 2026-04-27 03時50分 (1 月前) |
|---|
| 管理 | 2026-05-24 08時52分 (27 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 365402 [KLiK SocialMediaWebsite 1.0 File upload.inc.php uniqid 权限提升] |
|---|
| 积分 | 20 |
|---|