This repository has been archived by the owner on Dec 1, 2023. It is now read-only.

file upload vulnerability in pagekit 1.0.18 #970

Open
Townmacro opened this issue Aug 26, 2022 · 0 comments
Comments

@Townmacro

Problem

A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files.

Technical Details

  • Pagekit version: 1.0.18
  • Webserver: Nginx 2.4.18
  • Database: MySQL 5.7.26
  • PHP Version: 7.3.4
  • OS: Windows 10

A file upload vulnerability exists in the storage feature of pagekit v1.0.18, which allows an attacker to upload malicious files.

  1. Do not set PHP files to be allowed for upload.

    [Image: 1]

  2. Then select the upload point to upload the malicious PHP file, and modify the packet via Burp Suite to change the file name.

    [Image: 2]

  3. The file is uploaded successfully.

    [Image: 3]

  4. The file can then be accessed at /storage/shell.php

    [Image: 4]
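A server-side check for the failure reported above, as an added example that is not part of the original issue and is not Pagekit's code: the name that reaches the server is validated again and replaced with a server-chosen one, so a file name rewritten in transit cannot land as an executable script. The function name, the allowlist and the sample names are assumptions; the trailing-dot and `::$DATA` cases go beyond what the issue shows and are included because the reported host is Windows.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist for this example; not Pagekit's configuration.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

/**
 * Returns a safe, server-chosen storage name for a client-supplied
 * upload name, or null when the upload must be rejected.
 */
function safeStorageName(string $clientName): ?string
{
    // Drop any directory component the client sent (either separator).
    $base = basename(str_replace('\\', '/', $clientName));

    // Reject control characters and ':' (NTFS stream syntax, e.g. shell.php::$DATA).
    if (preg_match('/[\x00-\x1f:]/', $base)) {
        return null;
    }

    // Windows drops trailing dots and spaces, so "shell.php." is stored as "shell.php".
    $base = rtrim($base, ". ");

    $parts = explode('.', strtolower($base));
    if (count($parts) < 2 || $parts[0] === '') {
        return null; // no extension at all, or a dotfile
    }
    array_shift($parts); // keep only the extension segments

    // Every segment after the first dot must be allowlisted, which also
    // rejects double extensions such as shell.php.jpg.
    foreach ($parts as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
            return null;
        }
    }

    // The stored name is random; only the validated final extension is kept.
    return bin2hex(random_bytes(16)) . '.' . end($parts);
}

// Constructed sample names, not taken from the issue's screenshots.
$samples = ['photo.jpg', 'shell.php', 'shell.PHP', 'shell.php.',
            'shell.php::$DATA', 'shell.php.jpg', '../shell.phtml'];
foreach ($samples as $name) {
    printf("%-18s => %s\n", $name, safeStorageName($name) ?? 'REJECTED');
}
```

Only `photo.jpg` is accepted. Configuring the web server so that nothing under the storage directory is handed to the PHP interpreter is a separate layer that holds even if a check like this is bypassed.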
