There is an arbitrary file upload vulnerability in the background avatar upload.
The CMS only verified the suffix of the file in the front end by js, and we found that we could upload the PHP scripts directly after using Burp Suite for package capture modification.
The attacker can modify the box in the picture and upload the PHP script directly, It also returns the upload path(In the red box on the right of the figure above).
When the PHP file content is a Trojan, attackers can get the shell directly.
Here I used Behinder as a shell management tool, and getshell successfully.
The text was updated successfully, but these errors were encountered:
There is an arbitrary file upload vulnerability in the background avatar upload.
The CMS only verified the suffix of the file in the front end by js, and we found that we could upload the PHP scripts directly after using Burp Suite for package capture modification.

The attacker can modify the box in the picture and upload the PHP script directly, It also returns the upload path(In the red box on the right of the figure above).
When the PHP file content is a Trojan, attackers can get the shell directly.
Here I used Behinder as a shell management tool, and getshell successfully.



The text was updated successfully, but these errors were encountered: