You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Windows Server 2012
PHP 5.5.38
Apache 2.4
Mysql 5.6
Vulnerability Description AND recurrence:
During installation, use the db_wms_2013_12_31_15_48_34.sql file in the \system\ directory for installation
In the /system/databak.php file, the parameter filename was received through $_POST, and it was not filtered. The exec function was brought in, resulting in a command execution vulnerability.
There is no echo here, let's test adding a system user here
payload: filename=1 || net user test /add
The text was updated successfully, but these errors were encountered:
Vulnerability Type :
Command execution
Vulnerability Version :
1.1
Recurring environment:
Windows Server 2012
PHP 5.5.38
Apache 2.4
Mysql 5.6
Vulnerability Description AND recurrence:
During installation, use the db_wms_2013_12_31_15_48_34.sql file in the \system\ directory for installation
In the /system/databak.php file, the parameter filename was received through $_POST, and it was not filtered. The exec function was brought in, resulting in a command execution vulnerability.
There is no echo here, let's test adding a system user here
![_7G3ND54XZ@0C5_NL1`4TP2](https://user-images.githubusercontent.com/74465835/119068856-9151bf80-ba17-11eb-8043-7f1ee04112f7.png)
payload: filename=1 || net user test /add
The text was updated successfully, but these errors were encountered: