Causes of vulnerability: upload.php does not allow direct uploading of ph* type files, and uploading ph* files directly fails.
However, you can bypass the detection by uploading a phar file with image file header information (such as a JPG header) added to it, and the phar file is uploaded successfully.
Because phar files can be parsed normally since PHP 7.2, you can directly upload a PHP webshell with the phar suffix.
Repair suggestion: add ph* files to the upload blacklist.
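The following PHP is an added example written for this page; it is not code from GetSimpleCMS or the GetSimpleCMS-CE fork, and the function names, the allowlist and the sample bytes are all assumptions. It contrasts a hypothetical check that trusts a JPEG header (the kind of check the bypass above defeats) with a filename-based check that blocks every ph* extension, covering php7 from the comment below and double extensions such as `shell.phar.jpg` as well.

```php
<?php
// Added example, not GetSimpleCMS code. A hypothetical naive check that
// trusts a JPEG header next to a filename-based check that blocks every
// ph* extension, as the report recommends, including double extensions.

// True when any extension in the name starts with "ph" (php, php3, php5,
// php7, phtml, phar, phps, ...). Comparing by prefix implements the
// report's "ph*" blacklist without enumerating each variant.
function has_blocked_extension(string $filename): bool
{
    $parts = explode('.', strtolower(basename($filename)));
    array_shift($parts);            // first part is the base name, not an extension
    foreach ($parts as $ext) {
        if (strncmp($ext, 'ph', 2) === 0) {
            return true;
        }
    }
    return false;
}

// JPEG files begin with the bytes FF D8 FF.
function looks_like_jpeg(string $contents): bool
{
    return strncmp($contents, "\xFF\xD8\xFF", 3) === 0;
}

// Hypothetical weak check: exact-match blacklist plus content sniffing.
// A phar file with a JPEG header prepended passes both tests.
function naive_upload_ok(string $filename, string $contents): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return $ext !== 'php' && looks_like_jpeg($contents);
}

// Hardened check: decide by filename only (the web server chooses the PHP
// handler by extension, not by magic bytes), reject ph* anywhere in the
// name, and then require an allowlisted final extension.
function hardened_upload_ok(string $filename): bool
{
    $allowed = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt']; // assumed allowlist
    if (has_blocked_extension($filename)) {
        return false;
    }
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true);
}

// Constructed sample: a JPEG magic header followed by a harmless PHP tag
// standing in for the phar payload described in the report.
$polyglot = "\xFF\xD8\xFF\xE0" . "<?php echo 'executed'; ?>";

var_dump(naive_upload_ok('shell.phar', $polyglot));
var_dump(hardened_upload_ok('shell.phar'));
var_dump(hardened_upload_ok('shell.php7'));
var_dump(hardened_upload_ok('shell.phar.jpg'));
var_dump(hardened_upload_ok('photo.jpg'));
```

Run with `php example.php`: the naive check accepts `shell.phar` because the prepended bytes satisfy the JPEG sniff, while the hardened check rejects `shell.phar`, `shell.php7` and `shell.phar.jpg` and accepts only `photo.jpg`. The design point is that magic-byte sniffing says nothing about how the server will treat the file once it sits under the web root; only the name does, so the decision has to be made on the name, with every extension in it checked, not just the last one.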
If installed in a PHP 5.6 or PHP 7.0 environment, the php7 suffix can also be used to construct and upload a getshell, so php7 should also be added to the blacklist.
risingisland added a commit to multicolor-rgb/GetSimpleCMS-CE that referenced this issue on Oct 4, 2022
Affected version: GetSimpleCMS before 3.3.16.
Vulnerable file: /admin/upload.php.
![image-20210319202759593](https://user-images.githubusercontent.com/61731702/111782675-466edb00-88f4-11eb-85e2-df74fe3b0ace.png)
![image-20210319202821966](https://user-images.githubusercontent.com/61731702/111782705-4e2e7f80-88f4-11eb-970e-6d5a5c349ac1.png)
![image-20210319204401342](https://user-images.githubusercontent.com/61731702/111782722-51c20680-88f4-11eb-859f-7e2a2267d5b1.png)