ERP is available in application/controllers/basedata/inventory In php, the uploadImages function controls the file upload. It does not check the uploaded files. The uploaded files are saved in the path/data/upload/tools/. Use the webshell tool to connect the uploaded PHP file, and then you can getshell
二:Vulnerability recurrence:
Log in to the background and click Commodity Management
Click the image logo to add an image
Upload PHP Trojan Files
Code audit to find the path to upload files
Access the uploaded PHP script file and use the webshell management tool to connect
一. ERP has file upload vulnerability getshell
ERP is available in application/controllers/basedata/inventory In php, the uploadImages function controls the file upload. It does not check the uploaded files. The uploaded files are saved in the path/data/upload/tools/. Use the webshell tool to connect the uploaded PHP file, and then you can getshell
二:Vulnerability recurrence:
三:Exploit POC
The text was updated successfully, but these errors were encountered: