There is a file upload vulnerability in the background settings page

The server build environment is windows
After logging in to the background, click Settings, there is a file upload vulnerability in an ico image upload point, you can bypass the upload, upload the webshell through this point, and you can take down the server.
Vulnerability location：http://172.20.10.2:8082/0/admin/settings/general
![image](https://user-images.githubusercontent.com/58929675/164606674-b9d80cc9-31ae-4c56-8757-66e51574c6a0.png)
1.Upload the shell file and capture the package。Modify Content-Type to image/ico, filename to .php and php followed by spaces to bypass
![image](https://user-images.githubusercontent.com/58929675/164607275-2c4f5b19-02e9-41d0-82f8-b81a19580bba.png)
2.Although the response packet is 302, the file itself has been uploaded successfully。The uploaded file is located in the \upload\settings directory, named favicon.php
![image](https://user-images.githubusercontent.com/58929675/164607604-cc2a09f7-bdb5-47cd-8b03-529beac0c123.png)
3.The connection is successful through the ice scorpion, and the server shell is obtained.
![image](https://user-images.githubusercontent.com/58929675/164607822-1f7fbb7b-ca85-46bf-ac0a-e8e2c1d695b5.png)
![image](https://user-images.githubusercontent.com/58929675/164614519-6eed8077-00c7-4e63-acf0-c7dc8d0aa0e8.png)
![image](https://user-images.githubusercontent.com/58929675/164614544-2dc1053f-5a7d-43f5-9e8f-70bde96b2236.png)






Provide feedback

Saved searches

Use saved searches to filter your results more quickly

There is a file upload vulnerability in the background settings page #161

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development