
HkCms / HkCms


Vulnerability: found an upload vuln about plugins

In progress
Created on 2023-03-03 09:55

Risky path: /admin.php/appcenter/local.html?type=addon
The system allows users to import external plug-ins. When users construct malicious compressed packages, they can execute commands to obtain system permissions.

Version: v2.2.4.230206
e.g. Plug-in file structure:
After uploading the plug-in, the system will execute the PHP file in the compressed package, so we can control the contents of PHP files and execute high-risk commands.

As seen, the echo phpinfo() command is in config.php.
Then package the file into a zip file to upload.
After running this plugin, we can see the "phpinfo()" command has been executed in the response.



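Redeem_Hu created the task
Redeem_Hu modified the description
Redeem_Hu modified the description
Luo changed the task status from To do to In progress
Luo set the planned due date to 2023-03-07
Luo set the planned start date to 2023-03-06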
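
A pre-install gate for the addon import path described in the issue, as an added example that is not part of the original report or of HkCms: it hashes the uploaded archive against an operator-maintained allow-list and lists the PHP files it would place on the server, without extracting anything. The function name, the allow-list format and the sample archive are assumptions made for illustration.

```php
<?php
// Added example, not HkCms code. The function name, the allow-list format
// and the sample archive are assumptions made for illustration.

/**
 * Pre-install gate for a locally imported addon archive. Nothing is
 * extracted or executed; the archive is only hashed and listed.
 */
function inspectAddonPackage(string $zipPath, array $trustedSha256): array
{
    $digest = (string) hash_file('sha256', $zipPath);
    $report = ['digest' => $digest, 'php_files' => [], 'unsafe_paths' => []];

    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        return $report + ['allowed' => false];
    }
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = str_replace('\\', '/', (string) $zip->getNameIndex($i));
        // Absolute paths or ".." segments would write outside the addon directory.
        if (strpos($name, '/') === 0 || in_array('..', explode('/', $name), true)) {
            $report['unsafe_paths'][] = $name;
        }
        // Files the server would run once the addon is installed or enabled.
        if (preg_match('/\.(php\d?|phtml|phar)$/i', $name)) {
            $report['php_files'][] = $name;
        }
    }
    $zip->close();

    // Installing an addon runs its PHP, so only operator-reviewed digests pass.
    $report['allowed'] = in_array($digest, $trustedSha256, true)
        && $report['unsafe_paths'] === [];
    return $report;
}

// Constructed sample archive with benign contents, built in the temp directory.
$path = sys_get_temp_dir() . '/addon_' . bin2hex(random_bytes(4)) . '.zip';
$zip = new ZipArchive();
$zip->open($path, ZipArchive::CREATE | ZipArchive::OVERWRITE);
$zip->addFromString('demo/readme.txt', "constructed sample\n");
$zip->addFromString('demo/config.php', "<?php return [];\n");
$zip->close();

$unknown = inspectAddonPackage($path, []);                    // digest not reviewed
$pinned  = inspectAddonPackage($path, [$unknown['digest']]);  // digest reviewed
var_dump($unknown['allowed'], $unknown['php_files'], $pinned['allowed']);
unlink($path);
```

The `php_files` list is what an operator reviews before adding a digest to the allow-list, since those are the files that run once the addon is installed.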