HongCMS
HongCMS copied to clipboard
Neeke
HongCMS中英文网站系统是一个轻量级的网站系统,访问速度极快,使用简单。程序代码简洁严谨,完全免费开源。 可用于建设各种类型的中英文网站,同时它是一个小型开发框架.
1.Login to the backstage as the administrator. 2.You need to edit the tpl file 3. Because the default safe mode configuration is off,so you can edit tpl file to getshell。...
1.Login to the backstage as the administrator; 2.You need to access the page"http://10.30.1.189/public/languages/Chinese.php" 3. Because the suffix of the language configuration file is php ,so you can modify this file...
There is an arbitrary file deletion vulnerability here: /admin/index.php/template/ajax?action=delete
Vulnerability file: \admin\controllers\template.php The vulnerability code is as follows:  Arbitrary file deletion vulnerability could lead to system reinstallation Vulnerability to reproduce: 1、First log in to the background to get...
Steps To Reproduce: 1. Login to the backstage as the admin; 2. POST shell data via /hongcms/admin/index.php/template ``` POST /hongcms/admin/index.php/template/upload HTTP/1.1 Host: 192.168.0.193 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64;...
HongCMS 0x01 Delete&&download Anything(Admin Privilege) /admin/controllers/database   There is a ajax() which can delete or download anything. The ForceStringFrom() is to receive get or post from user,if we get...
 Vulnerability location -----------------------------------------------------------------------------------------------
1.Login to the backstage as the administrator; 2.You need to access the page"http://10.12.11.184/hongcms-master/admin/index.php/template"  3.Change the file name you want to edit or read in the URL and access this...
CSRF exists in the background (administrator) to delete users: The backend only cares about the values of the parameters' deleteuserids' and 'updateuserids' So the attacker only needs to know the...
U need log into manage page and request this page:“http://127.0.0.1/cms/hongcms/admin/index.php/database/ajax?action=delete”. and POST **file** parameter file=**#fileName** if u delete **config.php** and **view install/index.php**, u will reinstall this cms! like this: ```...
there is an arbitrary file read and rewrite in the backend of this cms via the link: /hcms/admin/index.php/language/ajax when post params : filename=..%2f..%2ftest.php&action=savelang&filecontent=%3C%3Fphp%0D%0A%0D%0Aecho+phpinfo()%3B%0D%0A%3F%3E in the latest V4.0.0 edtion, the cms...
