Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PopojiCMS v2.0.1 backend plugin function has file upload vulnerability #35

Open
BlackCloud222 opened this issue Dec 15, 2022 · 0 comments

Comments

@BlackCloud222
Copy link

Exploit file upload vulnerability getshell

Vulnerability details:

In the administration backend, you can upload malicious builds of zip files in the plugin administration page.

Vulnerability url: http://127.0.0.1/po-admin/admin.php?mod=component&act=addnew

Steps:

  1. First you need to have backend access

  2. Prepare zip file containing malicious php

  3. Caricamento di file in Componenti/Aggiungi componente

    image-20221212112707382

    image-20221212115132818

    image-20221212115143498

  4. Next, you can find the php file at http://127.0.0.1/po-content/component/Component_Name/file_name Find the php file

    image-20221212115253701

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant