There is an arbitrary file upload vulnerability in the background avatar upload.
The CMS only verified the suffix of the file in the front end by JS, and we found that we could upload PHP scripts directly after using Burp Suite for packet capture and modification.
The attacker can modify the box in the picture and upload the PHP script directly. It also returns the upload path (in the red box on the right of the figure above).
When the PHP file content is a Trojan, attackers can get the shell directly.
Here I used Behinder as a shell management tool, and got a shell successfully.
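The report above attributes the flaw to the suffix check existing only in front-end JavaScript. As an added example (not the CMS's own code), the handler below makes the decision on the server; the function name `store_avatar`, the `AVATAR_DIR` path, and the size limit are assumptions made for illustration.

```php
<?php
// Added example, not code from the CMS. Names, paths and limits are assumed.
declare(strict_types=1);

const AVATAR_DIR = __DIR__ . '/uploads/avatars'; // assumed location, static files only
const MAX_BYTES  = 2 * 1024 * 1024;              // assumed 2 MiB limit
const ALLOWED    = ['image/png', 'image/jpeg', 'image/gif'];

/**
 * Validate and store one entry of $_FILES (e.g. $_FILES['avatar']).
 * Returns the server-generated file name; throws on any rejected upload.
 */
function store_avatar(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Take the type from the file content. The client-supplied name and
    // Content-Type header can be edited in a proxy, so neither is consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED, true)) {
        throw new RuntimeException('not an allowed image type');
    }

    // Decode and re-encode with GD: anything that is not a decodable image
    // is rejected, and trailing data and metadata are not copied over.
    $img = @imagecreatefromstring((string) file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('not a decodable image');
    }

    // The server picks both the name and the extension, so an uploaded
    // "x.php" can never land on disk under a script extension.
    $name = bin2hex(random_bytes(16)) . '.png';
    if (!imagepng($img, AVATAR_DIR . '/' . $name)) {
        throw new RuntimeException('could not write avatar');
    }
    return $name;
}
```

Re-encoding is a second layer rather than the primary control; the server-chosen `.png` extension, together with a web server configuration that does not execute scripts from the upload directory, is what keeps a stored file from running as PHP.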