Closed Lilc1 closed 4 years ago
You can upload these two files through the csrf vulnerability, even without logging in to the background.
Could you please test the latest dev release 4.7.10-dev4? https://github.com/pluck-cms/pluck/releases/tag/4.7.10-dev4
您能否测试最新的开发版本4.7.10-dev4? https://github.com/pluck-cms/pluck/releases/tag/4.7.10-dev4
All right!
Have you retested with the latest dev version?
Have you retested with the latest dev version?
Can you apply for a CVE ID for me? Steps: https://help.github.com/en/github/managing-security-vulnerabilities/publishing-a-security-advisory#requesting-a-cve-identification-number
Vulnerability location: /data/inc/file.php line:42 If the file name is '.htaccess', the strpos function returns a result of 0. Demo: Upload these two files in the management file interface.
Access in /files/1.txt. Successful execution. Then upload attack code. Successfully obtained the shell. Poc: