UCMS v1.5.0 Arbitrary file upload vulnerability get shell

  • Vulnerability Type :
    V 1.5.0
  • Reproduction environment:
    Windows 10
    PHP 5.4.45
    Apache 2.4.39
  • Vulnerability description and reproduction:
    The upload bug is very easy.
    The vulnerability is in the \ucms_1.5\ucms\sadmin\file.php file, which does not verify the suffix (extension) of the uploaded file. The file is passed directly to the move_uploaded_file function.
    Upload files
    We can use Cknife to get a webshell
    We can also execute system commands
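
One way to add the suffix check that the description above says is missing before move_uploaded_file, as an added example that is not UCMS code. It assumes PHP 7 or later with the fileinfo extension; the function name store_upload, the allowlist contents and the destination directory are hypothetical.

```php
<?php
// Added example, not UCMS code. store_upload(), $allowed and $destDir
// are hypothetical names chosen for illustration.

/**
 * Validate and store one entry of $_FILES. Returns the stored file name,
 * or throws RuntimeException when the upload is rejected.
 */
function store_upload(array $file, string $destDir): string
{
    // Allowlist: extension => MIME type expected from content sniffing.
    $allowed = [
        'jpg' => 'image/jpeg',
        'png' => 'image/png',
        'gif' => 'image/gif',
        'pdf' => 'application/pdf',
    ];

    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or malformed request');
    }
    // Only accept a file PHP itself received in this POST request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // Check the suffix of the client-supplied name against the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // Check that the content matches what the extension claims.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        throw new RuntimeException('content does not match extension');
    }

    // Never reuse the client's file name: generate one server-side.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/\\') . DIRECTORY_SEPARATOR . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}
```

The destination directory should sit outside the web root, or have script execution disabled in the Apache configuration, so that a file that slips past validation is still never interpreted as PHP.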