Remote Code Execution via File in Mara version 7.5 #1

Closed
r0ck3t1973 opened this issue Sep 1, 2020 · 1 comment

@r0ck3t1973
Owner

/Describe the bug/
An attacker could insert any executable PHP code via File and execute commands on the server.

/To Reproduce/

  1. Log into the panel.
  2. Click "File" >> New (Mara/codebase/dir.php?type=filenew)
  3. Click File Upload
  4. Insert payload php: r0ck3t-1973.php
  5. Save and Exit
  6. Go to Mara/img/r0ck3t-1973.php

/Screenshots/

  1. insert_file

  2. upload

  3. rce

@r0ck3t1973 r0ck3t1973 changed the title Remote Code Execution via Snippets module in Mara version 7.5 Remote Code Execution via File in Mara version 7.5 Sep 1, 2020
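
A server-side check that would reject the upload in the steps above, as an added example that is not part of the issue and not Mara's code. The function name `store_image_upload`, the constants and the destination directory are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Mara CMS code: names, limits and the destination
// directory are assumptions for illustration.
const ALLOWED_IMAGE_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;

/**
 * Validate one entry of $_FILES and move it into $destDir.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_image_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an HTTP upload');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('size out of range');
    }

    // Decide the type from the file content, never from the
    // client-supplied file name or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime)
        || !array_key_exists($mime, ALLOWED_IMAGE_TYPES)
        || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image');
    }

    // The stored name is generated server-side, so a client name such as
    // "x.php" or "x.php.png" never reaches the filesystem.
    $name   = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    $target = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    chmod($target, 0644);
    return $name;
}
```

Serving the upload directory with script execution disabled in the web server configuration covers the case where a file still gets past validation.
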
@Qrayyy

Qrayyy commented Nov 11, 2021

Logging in with the default admin account, I don't know the password. How do I get in?
