Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

File upload vulnerability in Nucleus CMS v3.71 #95

Closed
Gsuhy-L opened this issue Dec 1, 2019 · 1 comment
Closed

File upload vulnerability in Nucleus CMS v3.71 #95

Gsuhy-L opened this issue Dec 1, 2019 · 1 comment

Comments

@Gsuhy-L
Copy link

Gsuhy-L commented Dec 1, 2019
edited

No description provided.

@Gsuhy-L Gsuhy-L closed this as completed Dec 2, 2019
@Gsuhy-L
Copy link
Author

Gsuhy-L commented Dec 2, 2019

Description: I found a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without. Htaccess file. Upload an. Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, we can upload a picture with shell, treat it as PHP, execute our commands, so as to take down the whole website Resources and permissions for.

Because I don't know why my picture can't be uploaded, so I wrote the detailed utilization process in this page, hope you can see it
https://shimo.im/docs/Ch9CphJt8XwTvQ3d

I would like to submit this vulnerability to CVE mitre. I hope you can fix this vulnerability as soon as possible

Looking forward to your response.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Gsuhy-L