
Command execution vulnerability in /wms/src/system/databak.php

Open Juneah opened this issue 3 years ago • 0 comments

Vulnerability Type :

Command execution

Vulnerability Version :

1.1

Recurring environment:

Windows Server 2012, PHP 5.5.38, Apache 2.4, MySQL 5.6

Vulnerability Description AND recurrence:

During installation, use the db_wms_2013_12_31_15_48_34.sql file in the \system\ directory for installation

In the /system/databak.php file, the parameter filename is received through $_POST and is not filtered. It is then passed to the exec function, resulting in a command execution vulnerability.


There is no echo here, so let's test adding a system user here.

payload: filename=1 || net user test /add

Juneah, May 21 '21 01:05
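The unfiltered-parameter pattern reported above next to a hardened form, as an added example that is not part of the original issue or the wms code base. The function names, `BACKUP_DIR`, the database name `wms` and the `mysqldump` invocation are assumptions, since the issue does not show the real command in databak.php.

```php
<?php
// Added example. All names and the mysqldump command are assumptions;
// the issue does not show the real code in databak.php.

define('BACKUP_DIR', __DIR__ . DIRECTORY_SEPARATOR . 'backups'); // assumed location

// Pattern described in the issue: request input concatenated into a shell string.
// This function only builds the string so the two forms can be compared.
function build_cmd_unsafe($filename)
{
    return 'mysqldump wms > ' . $filename;
}

// Hardened form: strict allow-list first, quoting as a second layer.
function build_cmd_safe($filename)
{
    // $_POST values can be arrays (filename[]=x), so check the type first.
    // Only letters, digits, underscore and hyphen are accepted: no dots,
    // slashes, spaces or shell metacharacters (| & ; > % quotes, newlines).
    // \A and \z anchor the whole string; "$" would allow a trailing newline.
    if (!is_string($filename) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $filename)) {
        return null;
    }
    // The server, not the client, chooses the directory and the extension.
    $target = BACKUP_DIR . DIRECTORY_SEPARATOR . $filename . '.sql';
    // --result-file writes the dump without a shell redirect.
    return 'mysqldump --result-file=' . escapeshellarg($target) . ' wms';
}

// Constructed inputs; the second is the payload quoted in the issue.
$samples = array('db_wms_2013_12_31', '1 || net user test /add', '..\\..\\x');

foreach ($samples as $s) {
    $cmd = build_cmd_safe($s);
    printf("input  : %s\n", json_encode($s));
    printf("unsafe : %s\n", build_cmd_unsafe($s));
    printf("safe   : %s\n\n", $cmd === null ? 'REJECTED' : $cmd);
    // A real handler would call exec($cmd, $out, $rc) only when $cmd !== null,
    // answer HTTP 400 otherwise, and log the rejected value for review.
}
```

Rejected values are worth logging with the client address and session, because a filename containing `|`, `&` or path separators on this endpoint is a strong signal of probing.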