Open yanqian1993 opened 4 years ago
Vulnerability profile: In edit blog template, we can control the website system by writing PHP executable code and running malicious code Test environment: PHP version 5.6.2 +appach Affected version <=3.0.4 Vulnerability details:
2.Write PHP executable code in template content
3.Save the modified template content,visit:http://ip:port/monstra/blog Get shell and control the website
Vulnerability profile: In edit blog template, we can control the website system by writing PHP executable code and running malicious code Test environment: PHP version 5.6.2 +appach Affected version <=3.0.4 Vulnerability details:
2.Write PHP executable code in template content
3.Save the modified template content,visit:http://ip:port/monstra/blog Get shell and control the website