Skip to content

There is a file inclusion vulnerability here: index.php?m=home&c=home&a=sp_set_config #4

Open
@zhendezuile

Description

Vulnerability file:\Application\Home\Controller\HomeController.class.php
The vulnerability code is as follows:
You can see that the incoming file is directly included here, and the file is not filtered
image

Vulnerability to reproduce:
1、First create a 1.txt file in the root directory of the website,of course, this can be any file in the root directory of the website
image
2、The code in the 1.txt file is as follows:
image
3、Visit url: http://www.xxx.com/index.php?m=home&c=home&a=sp_set_config ,use the post method to pass in $file and $config_array
image
4、You can see that shell.php is successfully generated in the root directory of the website
image
5、Use backdoor tool to connect shell.php
image

Repair suggestion:
1、Restrict incoming files to php suffix
2、Specifies the incoming filename
3、Detect and filter the content of incoming files

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions