
Remote command execution vulnerability exists in the management backend #80

Closed
1979139113 opened this issue Oct 22, 2019 · 1 comment

1979139113 commented Oct 22, 2019

In the "超级控制台->模板->模板管理" (Super Console -> Templates -> Template Management) page, the Add function can bypass the suffix whitelist verification and upload any file.

The way to bypass the suffix whitelist is to add a dot at the end of the file name.

Like this.

1.php.


Then click Save.

File 1.php will be successfully created and written with malicious content.

Then go to http://127.0.0.1/maccms10/template/1.php to get the webshell.

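The report above describes a suffix whitelist that a trailing dot defeats. The following is an added example, not maccms10's own code: a constructed naive check that shows why "1.php." slips through, next to a hardened check that canonicalizes the name the way the filesystem will (trailing dots and spaces stripped) before testing the suffix. The whitelist contents are assumed for illustration.

```python
import os

# Constructed whitelist for this example; not maccms10's real list.
ALLOWED_SUFFIXES = {"html", "htm", "css", "js", "txt"}


def naive_is_allowed(filename: str) -> bool:
    """Constructed illustration of the flawed pattern: inspect the text
    after the last '.', and treat 'no suffix' as harmless.  For '1.php.'
    the suffix is the empty string, so the check passes even though the
    file ends up stored as '1.php'."""
    _, _, suffix = filename.rpartition(".")
    return suffix == "" or suffix.lower() in ALLOWED_SUFFIXES


def canonical_name(filename: str) -> str:
    """Reduce the submitted name to what will actually land on disk:
    drop any directory part, then strip trailing dots and spaces
    (Windows removes them itself; many PHP apps rtrim as well)."""
    base = os.path.basename(filename.replace("\\", "/"))
    return base.rstrip(". ")


def hardened_is_allowed(filename: str) -> bool:
    """Whitelist check applied to the canonical name.  Every dot-separated
    part after the stem must be whitelisted, so 'shell.php.html' style
    double extensions are rejected too; dotfiles and empty names fail."""
    name = canonical_name(filename)
    if not name or name.startswith("."):
        return False
    parts = name.lower().split(".")
    if len(parts) < 2:
        return False  # no extension at all: refuse rather than guess
    # Conservative: a stem containing dots ('my.site.html') is refused,
    # because 'site' is not a whitelisted suffix.
    return all(part in ALLOWED_SUFFIXES for part in parts[1:])


if __name__ == "__main__":
    for candidate in ("1.php", "1.php.", "index.html", "shell.php.html"):
        print(f"{candidate!r:18} naive={naive_is_allowed(candidate)!s:5} "
              f"hardened={hardened_is_allowed(candidate)}")
```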

@magicblack (Owner) commented:

Already fixed~ will update later.
