Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

115cmsArbitrary file upload vulnerability

vendor : http://www.115cms.com/

115cms V4.2 installation package :https://gitee.com/haepic/www.115cms.com

Vulnerability type: V4.2

Recurrence environment:

Windows Server 2019 phpstudy

Vulnerability description: There is an arbitrary file upload vulnerability in the 15cmsV4.05 web application. loophole http://x.x.x.x/index.php/admin/content/index HTTP/, the allowed suffix for uploading can be set at the basic configuration of the background function website settings, and then the attachment can be uploaded at the content of the content management article. Any file can be uploaded, and the website can be controlled through webshell

Loophole recurrence: The file upload type and content are not filtered in extend/org/Upload. php Pasted image 20230310220503

Add "php" suffix in "Basic Settings" and click Save to upload successfully Pasted image 20230310222122 Pasted image 20230310222141 Pasted image 20230310222205

Then access the uploaded file “*.php”. Get webshell.

Pasted image 20230310222301