Authenticated file upload vulnerability in earcms <= 4.1 (20170710) (get shell)

There is an authenticated file upload vulnerability in earcms <= 4.1 (20170710) that allows an attacker to get a shell.

Log in to the admin backend and visit

http://127.0.0.1/ear/admin.php?iframe=config_upload

Change the music file types that are allowed for upload.

Then visit

http://127.0.0.1/ear/user.php/music/add/

as any user and upload a webshell file.

The content of it can be:

The file path of the webshell is then shown. Visit that URL with a webshell client (antsword is suggested) and you will find that getting a shell succeeded.
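
One way to close the root cause described above, where the backend setting can put any extension on the music upload list. This is an added example, not earcms code: the function names, the audio type table and the `$configured` list are assumptions, and PHP's fileinfo extension is required.

```php
<?php
// Added example: hypothetical helper names, not taken from earcms.

// Fixed in code: the admin-configurable list may only narrow this set, never extend it.
const AUDIO_TYPES = [
    'mp3'  => ['audio/mpeg'],
    'wav'  => ['audio/wav', 'audio/x-wav'],
    'ogg'  => ['audio/ogg', 'application/ogg'],
    'flac' => ['audio/flac', 'audio/x-flac'],
];

// Intersect the configured extensions with the fixed allowlist.
function effective_extensions(array $configured): array
{
    $clean = array_map(fn($e) => strtolower(ltrim(trim($e), '.')), $configured);
    return array_values(array_intersect(array_keys(AUDIO_TYPES), $clean));
}

// Returns the stored file name, or throws if the upload is rejected.
function store_music_upload(array $file, array $configured, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, effective_extensions($configured), true)) {
        throw new RuntimeException("extension not allowed: $ext");
    }
    // Check what the bytes look like, not what the client claimed.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, AUDIO_TYPES[$ext], true)) {
        throw new RuntimeException("content does not match .$ext audio");
    }
    // Server-chosen name; the extension comes from the allowlist, not the client.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Constructed sample: a configured list to which script extensions were added.
print_r(effective_extensions(['mp3', '.PHP', 'phtml', 'wav']));
```

The destination directory should additionally sit outside the web root or have script execution disabled in the web server configuration, so that a file that slips through is served as data rather than run.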