BSteelooper
commented
2 years ago Duplicate for #106
I believe this is in the install modules section and not in the manage files section.
A module is to add functionality to the website, and needs a password to do. When you have the password, you can upload anything, and than utilise this uploaded content. this is impossible to fix, since this is the option to add functionality. for instance the inplace updater is an module which downloads and extracts files, an other module might do the same, so why restrict this, and restrict it to what.
Since the password is needed to exploit this, and with the password lost everything is up for grabs we won't fix this.
php5.2.17 1.Arbitrary code execution I uploaded webshell.zip in the module installation.
Visit 192.168.1.128/pluck-4.7.16dev3/data/modules/webshell/webshell.php
2.The file contains vulnerabilities
After uploading the webshell.zip file in the module installation, I visit admin.php and he will automatically include the / data/modules/webshell/webshell.php file I uploaded. After uploading the webshell.zip file successfully, it is found that http://192.168.1.128/pluck-4.7.16dev3/admin.php?action=managemodules automatically contains "D:\ phpStudy\ PHPTutorial\ WWW\ pluck-4.7.16dev3\ data\ modules\webshell\webshell.php".
