This repository has been archived by the owner on Jan 5, 2023. It is now read-only.
Code execution vulnerabilities in the background #59
Comments
|
Thank you for reporting. I'll fix that as soo as possible. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Describe the bug
Code execution vulnerabilities in the background
To Reproduce
Steps to reproduce the behavior:
1.Log in to the background
2.Go to /acp/acp.php?tn=pages&sub=new#position
3.Click info and enter the malicious php code in the Permalink parameter to jump out of the structure to execute the malicious code
4.Click save
5./content/cache/active_urls.php and /content/cache/cache_lastedit.php files will be inserted with malicious code
6.Visit the homepage and you will see that the malicious code we inserted was successfully executed and returned the result
Screenshots
Click Save New Page
/content/cache/active_urls.php and /content/cache/cache_lastedit.php files will be inserted with malicious code
Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: