Summary
Hi team,
I found a high-severity file upload leading to RCE.
Info
Zenario CMS 9.0.54156 (latest version)
Firefox 92.0.1 (64-bit)
Steps
1. Log in to the account at http://xxx.xxx.x.x/admin.php?cID=1&cType=html
2. Choose Documents >> Upload documents
3. Use Burp Suite to capture the request for file a.html
4. Click Edit document metadata >> use Burp Suite to capture >> save
5. In the current_value value, change html to php
6. Click Actions >> view public link
7. Copy link to URL >> BOOM
Impact:
An attacker could upload a dangerous executable file such as a virus, malware, etc.
The web server can be compromised by uploading and executing a web shell, which can run commands, browse system files, browse local resources, attack other servers, exploit local vulnerabilities, and so forth.
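
A server-side check that would refuse the extension change described in the steps above, as an added example that is not part of the original report and not Zenario's code. The function name, the allowlist and the sample filenames are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed allowlist of types the site serves from its public documents directory.
const ALLOWED_DOC_EXTENSIONS = ['html', 'htm', 'pdf', 'txt', 'png', 'jpg', 'docx'];

/**
 * Hypothetical helper: check a client-supplied filename from a metadata edit
 * against the name the document was uploaded under. Returns the accepted
 * name or throws InvalidArgumentException.
 */
function validateDocumentRename(string $storedName, string $requestedName): string
{
    // Control bytes (including NUL) and path separators never belong in a filename.
    if (preg_match('/[\x00-\x1f\/\\\\]/', $requestedName)) {
        throw new InvalidArgumentException('illegal character in filename');
    }
    // Leading dots (.htaccess) and trailing dots/spaces (stripped by some filesystems).
    if ($requestedName === '' || $requestedName !== trim($requestedName, ' .')) {
        throw new InvalidArgumentException('leading or trailing dot/space');
    }
    $segments = explode('.', strtolower($requestedName));
    if (count($segments) < 2) {
        throw new InvalidArgumentException('missing extension');
    }
    $newExt = array_pop($segments);
    $oldExt = strtolower(pathinfo($storedName, PATHINFO_EXTENSION));
    // The edit may change the title, never the type that was validated at upload.
    if ($newExt !== $oldExt || !in_array($newExt, ALLOWED_DOC_EXTENSIONS, true)) {
        throw new InvalidArgumentException("extension change $oldExt to $newExt refused");
    }
    // Inner segments such as "a.php.html" can still be mapped to a handler by some server configs.
    foreach (array_slice($segments, 1) as $inner) {
        if (preg_match('/^(php\d*|phtml|phar|pht)$/', $inner)) {
            throw new InvalidArgumentException('script extension inside filename');
        }
    }
    return $requestedName;
}

// Constructed inputs; the second mirrors the html -> php edit in the report.
foreach ([['a.html', 'notes.html'], ['a.html', 'a.php'], ['a.html', 'a.php.html'], ['a.html', 'a.html.']] as [$stored, $wanted]) {
    try {
        echo validateDocumentRename($stored, $wanted), " accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "$wanted rejected: ", $e->getMessage(), "\n";
    }
}
```

The check has to run where the metadata edit is processed on the server, because the filename in the request is fully under the client's control.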