Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

There is a file upload vulnerability here: /admin/index.php?mode=content&page=media&action=edit #14

Open
zhendezuile opened this issue Apr 1, 2022 · 0 comments

Comments

@zhendezuile
Copy link

zhendezuile commented Apr 1, 2022

Vulnerability file: \functions.php
You can see that the file is uploaded directly without the verification file suffix.
image

Vulnerability to reproduce:
1、First log in to the backend of the website
2、Visit url: http://www.xxx.com/admin/index.php?mode=content&page=media&action=edit&file=de.gif&type=1 .
Then operate as shown below:
image
3、You can see that 1.php is successfully uploaded
image
4、Visit http://www.xxx.com/media/images/1.php and execute the code to get phpinfo information
image

Repair suggestion:
Set the upload whitelist and limit the suffixes of uploaded files to gif, jpg, and png

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant