Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

zzcms 8.3 latest version file deletion



ZZCMS download page:

http://www.zzcms.net/about/6.htm

zip file you can install:

http://www.zzcms.net/download/zzcms8.3.zip

Added functionality

in zzcms 8.3,It adds an optional feature to upload video, but this feature requires an administrator to open it. Alt text

exploit

The variables related to the video are mainly $flv: You can see that the processing flow is the same as the previous img, so there may be problems. After simple testing, it is feasible. Let's write the attack steps:
1.When posting the advertisement information, use the network address, then capture the package, change flv to the file name to be deleted, click Send, and the dirty data is placed in the database: Alt text
2. Then when you delete this ad, you can trigger the action: Alt text
3. Then you can see the effect, install/install.lock is deleted Alt text

Vulnerability core code:

Alt text