Closed
Description
RapidCMS exists arbitrary file upload vulnerability
An arbitrary file upload vulnerability in /admin/upload.php allows attackers to getshell
Firstly, we can register an admin account [username:admin / password:admin] .Then enter the website backend and click the article editing button.

There is an image upload function on this interface. Hackers can upload a normal image first, and then use BurpSuite to intercept it.Then modify the request content: change the file suffix name to PHP and the file content to webshell. Finally, click the send button to upload the malicious file.

Accessing webshell to getshell /upload/upload_c1e14b5b6314466a34fc7fc93767a3ca.php

Fix suggestion: Set a whitelist for file suffixes uploaded by users
Metadata
Metadata
Assignees
Labels
No labels