Authenticated Remote Command Execution #62

Closed
Xyntax opened this issue Jan 13, 2017 · 4 comments

@Xyntax

commented Jan 13, 2017

Version

Github latest

PoC

1. Log in and request http://localhost/GeniXCMS/gxadmin/index.php?page=media

2. Upload an edited png file with php code in it.

3. Rename ext to .php7

4. Request uploaded file
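A defensive illustration of the control the steps above bypass, added here and not part of the original issue or of GeniXCMS's own code: an extension allowlist applied to the rename operation, so a stored `.png` cannot become `.php7`. The function name `safe_rename_target`, the constant `ALLOWED_MEDIA_EXT` and the sample file names are assumptions made for this example.

```php
<?php
// Added example, not GeniXCMS code. Names below are hypothetical.
const ALLOWED_MEDIA_EXT = ['png', 'jpg', 'jpeg', 'gif'];

/**
 * Return a sanitized new file name, or null if the rename must be refused.
 */
function safe_rename_target(string $oldName, string $newName): ?string
{
    // Drop any directory component so the rename cannot leave the media folder.
    $newName = basename(str_replace('\\', '/', $newName));

    // Refuse empty names, dotfiles (e.g. .htaccess) and control characters / NUL bytes.
    if ($newName === '' || $newName[0] === '.' || preg_match('/[\x00-\x1f]/', $newName)) {
        return null;
    }

    // Every dot-separated suffix must be allowlisted, so "a.php7.png" is refused
    // as well as "a.php7". This is deliberately strict: "my.photo.png" is refused too.
    $parts = explode('.', strtolower($newName));
    array_shift($parts); // discard the base name
    if ($parts === []) {
        return null;     // no extension at all
    }
    foreach ($parts as $ext) {
        if (!in_array($ext, ALLOWED_MEDIA_EXT, true)) {
            return null;
        }
    }

    // A rename may change the name, never the file type.
    $oldExt = strtolower(pathinfo($oldName, PATHINFO_EXTENSION));
    if ($oldExt !== end($parts)) {
        return null;
    }
    return $newName;
}

// Constructed sample inputs: [stored name, requested new name].
$cases = [['shell.png', 'shell.php7'], ['shell.png', 'shell.php7.png'],
          ['logo.png', '../logo.png'], ['logo.png', 'banner.png'], ['logo.png', '.htaccess']];
foreach ($cases as [$old, $new]) {
    $r = safe_rename_target($old, $new);
    printf("%-10s -> %-15s : %s\n", $old, $new, $r === null ? 'refused' : "ok ($r)");
}
```

An allowlist on the file name is one layer; configuring the web server so that nothing in the upload directory is handed to the PHP interpreter removes the execution step even if a name check is missed.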

@semplon

Owner

commented Jan 14, 2017

Thank you for bringing up this issue. I'll fix it soon.

semplon added a commit that referenced this issue Jan 15, 2017

@semplon semplon closed this Jan 21, 2017

@fgeek


commented Jan 21, 2017

Could you please create a new release to https://genixcms.org/ with the fixes, thanks? I could ask users to update their installations.

@semplon

Owner

commented Jan 22, 2017

Hi @fgeek, just a little bit. There is still one security issue left. I will commit it soon.

thank you,

@semplon

Owner

commented Jan 22, 2017

Hi @fgeek, I just released our major version v1.0.0.
You can download and try it.

thanks
