Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Description: The background can upload a compressed package, uncompressed without filtering, and getshell.
Put a webshell in the archive and upload it.
Then we can access the corresponding directory to getshell.
See line 188 of admin_component.php
if (in_array($exp[1], array('zip'))) { move_uploaded_file($_FILES['fupload']['tmp_name'], '../'.DIR_CON.'/uploads/'.$componentName); if (file_exists('../'.DIR_CON.'/'.$folderinstall.'/'.strtolower($this->postring->valid($_POST['component'], 'xss')))) { unlink('../'.DIR_CON.'/uploads/'.$componentName); $this->poflash->error($GLOBALS['_']['component_message_3'], 'admin.php?mod=component'); } else { $archive = new PoPclZip('../'.DIR_CON.'/uploads/'.$componentName); if ($archive->extract(PCLZIP_OPT_PATH, '../'.DIR_CON.'/'.$folderinstall.'/'.strtolower($this->postring->valid($_POST['component'], 'xss'))) == 0) { unlink('../'.DIR_CON.'/uploads/'.$componentName); $this->poflash->error($GLOBALS['_']['component_message_3'], 'admin.php?mod=component'); }
Only judge whether the upload is a zip archive, if it is directly decompressed, the directory to be extracted is
$archive->extract(PCLZIP_OPT_PATH, '../'.DIR_CON.'/'.$folderinstall.'/'.strtolower($this->postring->valid($_POST['component'], 'xss'))
The text was updated successfully, but these errors were encountered:
Terima kasih untuk temuan ini. Kami sebagai pengembang akan segera memperbaiki masalah ini di versi berikutnya.
Sorry, something went wrong.
Sudah diperbaiki pada versi 3
No branches or pull requests
Background GETCHELL
Description: The background can upload a compressed package, uncompressed without filtering, and getshell.
Put a webshell in the archive and upload it.
Then we can access the corresponding directory to getshell.
Code analysis
See line 188 of admin_component.php
Only judge whether the upload is a zip archive, if it is directly decompressed, the directory to be extracted is
The text was updated successfully, but these errors were encountered: