I found a PHP code execution in /admin/web_config.php at version 5.6 #4

Open
@liao10086

Hi:
I found a PHP code execution in /admin/web_config.php at version 5.6
1. Log in as admin
2. Open http://192.168.10.12/admin/default.php
3. At the watermark setting, input the payload

Watermark text input xxx'
Text color input ;phpinfo();//

4. Submit and visit the watermark setting; you can see the PHP code execute

Because the payload was written to /data/watermark.inc.php

The watermark.inc.php was included by require_once, so the PHP code executes

Suggestion:
replace ' ,,;,(,)

Version: 5.6
Author: xijun.liao@dbappsecurity.com.cn

I hope you can fix it
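
An added example, not part of the original report and not the project's own code: one way to close this class of bug is to stop assembling the include file by string concatenation. The sketch assumes hypothetical function names and field names (`text`, `color`); it allow-lists the colour format and serializes values with `var_export()`, so a quote in a value stays data.

```php
<?php
// Added example; hypothetical names, not the project's web_config.php.
// Assumed fields: text, color. The real form fields are not shown in the report.

function validate_watermark(array $in): array
{
    $text  = (string)($in['text'] ?? '');
    $color = (string)($in['color'] ?? '');

    // Colour has a closed format: allow-list #RRGGBB instead of stripping characters.
    if (!preg_match('/\A#[0-9a-fA-F]{6}\z/', $color)) {
        throw new InvalidArgumentException('color must be #RRGGBB');
    }
    // Free text: bound the length and reject control bytes. Quotes are allowed,
    // because escaping is the serializer's job, not the validator's.
    if ($text === '' || strlen($text) > 64 || preg_match('/[\x00-\x1F\x7F]/', $text)) {
        throw new InvalidArgumentException('text must be 1-64 bytes, no control characters');
    }
    return ['text' => $text, 'color' => $color];
}

function render_config(array $settings): string
{
    // var_export() emits a PHP literal and escapes ' and \ inside strings, so a
    // value cannot close its own string and continue as code.
    return "<?php\nreturn " . var_export($settings, true) . ";\n";
}

function save_watermark(string $path, array $in): void
{
    $body = render_config(validate_watermark($in));
    $tmp  = $path . '.tmp';
    // Write to a temp file and rename, so a reader never includes a half-written file.
    if (file_put_contents($tmp, $body, LOCK_EX) === false || !rename($tmp, $path)) {
        throw new RuntimeException('could not write ' . $path);
    }
}

// The two field values from the report: the colour fails the allow-list.
try {
    validate_watermark(['text' => "xxx'", 'color' => ';phpinfo();//']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
// A quote in the text field alone is written out as escaped data.
echo render_config(['text' => "xxx'", 'color' => '#ff0000']);
```

A file written this way is read back with `$cfg = require $path;`, which returns the array instead of executing assignments built from user input.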
