Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

There is an file inclusion vulnerability() in the template management module in UCMS 1.6. #1

Open
luoyangchangan opened this issue Oct 1, 2022 · 0 comments

Comments

@luoyangchangan
Copy link
Owner

vendor: http://uuu.la/

UCMS 1.6 installation package: http://uuu.la/uploadfile/file/ucms_1.6.zip

After installation, log in to the background

click Site management
image

click on the Custom page
image

fiset click Add Page,then click choose
image

click footer.php
image

Add shellcode ,then click save it
image

And then we go to the home page,and we find that the code has been executed
image

According to the code, we find that it is caused by the include function with inc/func.php,it use the previous template file(footer.php)
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant