Vulnerability Type:
Command execution
Vulnerability Version:
1.1
Reproduction environment:
Windows Server 2012
PHP 5.5.38
Apache 2.4
MySQL 5.6
Vulnerability description and reproduction:
During installation, use the db_wms_2013_12_31_15_48_34.sql file in the \system\ directory.
In the /system/databak.php file, the filename parameter is received through $_POST and is not filtered before it is passed to the exec function, resulting in a command execution vulnerability.
There is no echo here, so let's test by adding a system user.

payload: filename=1 || net user test /add
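
One way to close this class of bug, shown as an added example rather than code from the project (the contents of databak.php are not shown on this page): validate the posted filename against a strict allowlist before it can reach exec, and quote it as well. `BACKUP_DIR`, `safe_backup_name()` and the sample inputs are hypothetical names and constructed values.

```php
<?php
// Added example: hypothetical hardened handling of a posted backup filename.
// BACKUP_DIR and safe_backup_name() are illustrative, not the project's code.
define('BACKUP_DIR', __DIR__ . DIRECTORY_SEPARATOR . 'backup');

/**
 * Return the name unchanged if it is a plain "<name>.sql" file name,
 * or null for anything else (shell metacharacters, paths, arrays, ...).
 */
function safe_backup_name($raw)
{
    // $_POST values can be arrays (filename[]=x); only strings are valid.
    if (!is_string($raw)) {
        return null;
    }
    // Allowlist: letters, digits, underscore, hyphen, then ".sql".
    // \A and \z anchor the whole string, so a trailing newline is rejected
    // (a plain "$" would accept it).
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.sql\z/', $raw)) {
        return null;
    }
    return $raw;
}

// Constructed sample inputs: the backup name from the report, the reported
// payload shape, a path traversal attempt, a trailing newline, an array.
$samples = array(
    'db_wms_2013_12_31_15_48_34.sql',
    '1 || net user test /add',
    '..\\..\\windows\\win.ini',
    "backup.sql\n",
    array('x'),
);

foreach ($samples as $raw) {
    $name = safe_backup_name($raw);
    if ($name === null) {
        echo 'rejected: ', json_encode($raw), PHP_EOL;
        continue;
    }
    // Defence in depth: quote the argument even though it passed validation.
    $arg = escapeshellarg(BACKUP_DIR . DIRECTORY_SEPARATOR . $name);
    echo 'accepted: ', $name, ' -> ', $arg, PHP_EOL;
}
```

In a real handler the value passed to `safe_backup_name()` would be `$_POST['filename']`, and a rejected value should end the request before any command is built.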