Closed
Description
Bludit v3.13.0 has a file upload vulnerability in the 'backup' plugin. It requires administrator privileges.

1. Open http://10.150.10.170/admin/plugins
   Activate the 'backup' plugin and click Settings.

2. Open http://10.150.10.170/admin/configure-plugin/pluginBackup
   Upload the zip file that I provide: https://github.com/zongdeiqianxing/files/blob/master/2020-07-24-13-58-42.zip
   The zip file has a 1.php in the bl-content\uploads directory.
   Notice: please be careful not to open or modify this zip file, because this will cause an error.

3. Open http://192.168.61.242/bl-content/uploads/1.php
   Opening the URL shows phpinfo, and 'ant' can be used to connect to the backdoor via http://xx.xx.xx.xx/bl-content/uploads/1.php
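The root cause the report points at is that the backup archive is restored without inspecting what it contains, so a server-side script placed under the web-served uploads directory lands on disk and becomes reachable over HTTP. The following is an added example of the kind of pre-restore check a defender would want; it is not Bludit's code and not the reporter's file. It assumes (as a labelled constructed list) that `bl-content/uploads/` is the only web-served directory to police and that the PHP extension set is the one a typical handler executes; a real deployment would align both with its own server configuration. The sample archive is constructed in memory to mirror the shape described in the report.

```python
import io
import posixpath
import zipfile

# Directories in the archive that the web server serves directly and where no
# server-side script should ever appear. 'bl-content/uploads' is the directory
# named in the report; the tuple itself is an assumption for this example.
WEB_SERVED_DIRS = ("bl-content/uploads/",)

# Extensions a typical PHP handler would execute. Constructed for this example;
# align it with the real server's handler configuration.
EXECUTABLE_EXTENSIONS = {"php", "phtml", "php3", "php4", "php5", "phar", "phps"}


def normalize(name: str) -> str:
    """Normalize a zip entry name to a forward-slash path."""
    return posixpath.normpath(name.replace("\\", "/"))


def escapes_root(name: str) -> bool:
    """True if the entry is absolute or climbs above the extraction root."""
    norm = normalize(name)
    return name.startswith(("/", "\\")) or norm == ".." or norm.startswith("../")


def has_executable_extension(name: str) -> bool:
    """Every dotted suffix is checked, so 'image.php.jpg' is flagged as well."""
    base = posixpath.basename(normalize(name)).lower()
    return any(part in EXECUTABLE_EXTENSIONS for part in base.split(".")[1:])


def audit_backup_archive(data: bytes) -> list[tuple[str, str]]:
    """Return (entry, reason) for each archive entry that should block a restore."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if escapes_root(name):
                findings.append((name, "path escapes the restore root"))
                continue
            norm = normalize(name)
            if norm.startswith(WEB_SERVED_DIRS) and has_executable_extension(norm):
                findings.append((name, "server-side script in a web-served directory"))
    return findings


def restore_allowed(data: bytes) -> bool:
    """A restore proceeds only when the audit produces no findings."""
    return not audit_backup_archive(data)


def build_sample_archive() -> bytes:
    """Constructed archive shaped like the one in the report (not the reporter's file).
    File contents are placeholders; only the entry names matter to the audit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("bl-content/uploads/photo.jpg", b"\xff\xd8\xff placeholder")
        zf.writestr("bl-content/uploads/1.php", "placeholder")
        zf.writestr("bl-content/uploads/image.php.jpg", "placeholder")
        zf.writestr("../outside.txt", "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_archive()
    for entry, reason in audit_backup_archive(sample):
        print(f"REJECT {entry}: {reason}")
    print("restore allowed:", restore_allowed(sample))
```

The check deliberately runs over the archive's entry list before anything is written to disk, so a rejected archive never touches the filesystem; running the same audit as a detection rule over backups already restored would also surface the 1.php described above.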


