Exploit Title: portfolioCMS race condition vulnerability exists
portfolioCMS GitHub: https://github.com/teklynk/portfolioCMS
Vulnerable files: localhost/admin/uploads.php
Analysis report:
On line 8 the file is moved first, and only then, on line 10, is the file type determined.

So we can keep submitting file upload requests, then go to the directory where the file is being uploaded, access the file, and execute the code.
POC:
I keep sending this POC using Burp Suite and, at the same time, go to http://127.0.0.1/upoads/shell.php to execute the code I uploaded. (If you're unlucky, you'll visit the link a little too often, lol.)

Upon successful execution of the code, the file test.php will be generated in the same directory and can be accessed directly.
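
The ordering described in the report (move first, check type afterwards) is closed by running every check while the upload is still in PHP's temporary directory and moving it into the web-served directory last. The handler below is an added example, not portfolioCMS code or code from the report; the allowlist `UPLOAD_ALLOWED_TYPES`, the function name `store_upload` and the destination directory are assumptions.

```php
<?php
// Added example: validate first, move last. Not portfolioCMS code.
// The allowlist and the $destDir layout are assumptions for illustration.

const UPLOAD_ALLOWED_TYPES = [   // extension => expected MIME type
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
    'pdf' => 'application/pdf',
];

/**
 * Validate one entry from $_FILES while it is still in PHP's temporary
 * upload directory, and only then move it into $destDir.
 * Returns the stored file name; throws on any rejected upload.
 */
function store_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }

    // 1. Check the client-supplied extension against the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(UPLOAD_ALLOWED_TYPES[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // 2. Check the content of the temp file itself, not $file['type'],
    //    which is a value sent by the client.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== UPLOAD_ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('content does not match extension');
    }

    // 3. Only now place the file in the served directory, under a
    //    server-chosen name, so a rejected upload never exists at a
    //    requestable path, not even briefly.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}
```

Configuring the web server so that files in the upload directory are never passed to the PHP interpreter adds a second layer if a check is ever bypassed.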
