Wolf CMS 0.8.3.1 – Remote Code Execution (RCE)

Exploit Database
100 阅读

作者： Ahmet Ümit BAYRAM

日期： 2023-05-05
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/51421/

# Exploit Title: Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)
# Date: 2023-05-02
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://wolf-cms.readthedocs.io
# Software Link: https://github.com/wolfcms/wolfcms
# Version: 0.8.3.1
# Tested on: Kali Linux

### Steps to Reproduce ###

# Firstly, go to the "Files" tab.
# Click on the "Create new file" button and create a php file (e.g:
shell.php)
# Then, click on the file you created to edit it.
# Now, enter your shell code and save the file.
# Finally, go to https://localhost/wolfcms/public/shell.php

### There's your shell! ###

last Exploits
Wolf CMS 0.8.3.1 – Remote Code Execution (RCE)的更多信息

Openfire 3.10.2 – Unrestricted Arbitrary File Upload：
WordPress Plugin SolveMedia 1.1.0 – Cross-Site Request Forgery：
BTCPay Server v1.7.4 – HTML Injection：
D-Link DNS-343 ShareCenter < 1.05 - Command Injection：
CS-Cart 1.3.3 – authenticated RCE：
Docebo 3.6.0.2 (stable) – Local File Inclusion：
BigBlueButton 2.2.25 – Arbitrary File Disclosure and Server-Side Request Forgery：
ManageEngine EventLog Analyzer 6.1 – Multiple Cross-Site Scripting Vulnerabilities：