havysec

icon indicating a website link https://weibo.com/crypto1as

Results 7 issues of havysec

upload xxx.php and getshell

http://fragrant:30001/OneFileCMS/onefilecms.php use username and password login the page Click "Upload FIle" ![image](https://user-images.githubusercontent.com/22767054/42047184-2d08a998-7b32-11e8-81c8-fa6c747d8daa.png) upload cmd.php http://fragrant:30001/OneFileCMS/qqqcmd.php?cmd=whoami ![image](https://user-images.githubusercontent.com/22767054/42047556-2c094164-7b33-11e8-8c69-a23ad015d754.png)

The " New FIle " button cause getshell

http://fragrant:30001/OneFileCMS/onefilecms.php use username and password login the page type New filename '123.php' click Create ![image](https://user-images.githubusercontent.com/22767054/42046202-ef448642-7b2f-11e8-9149-c45163246bb3.png) 123.php created successfully. ![image](https://user-images.githubusercontent.com/22767054/42046259-15e2b7a6-7b30-11e8-9843-443c64c1fc35.png) click 123.php write below ``` ``` click save ![image](https://user-images.githubusercontent.com/22767054/42046381-594c1d02-7b30-11e8-9da7-eab499b1bab9.png) 123.php saved...

the username and password can be bruted

![image](https://user-images.githubusercontent.com/22767054/42044790-76749a52-7b2c-11e8-8304-1252c3a7d537.png)

onefilecms.php in OneFileCMS through 2017-10-09 might allow attackers to access some secret file like passwd

onefilecms.php in OneFileCMS through 2017-10-09 might allow attackers to access some secret file like passwd access `http://fragrant:30001/OneFileCMS/onefilecms.php?i=etc/&f=passwd&p=raw_view` ![image](https://user-images.githubusercontent.com/22767054/42225478-3458693c-7f0f-11e8-94f3-cc374d98860b.png)

onefilecms.php in OneFileCMS through 2017-10-09 might allow attackers to delete anyfile or folders they want on the delete screen

access http://fragrant:30001/OneFileCMS/onefilecms.php by username/password ![image](https://user-images.githubusercontent.com/22767054/42224826-96c5a32a-7f0d-11e8-81fe-bebd3494af8f.png) access http://fragrant:30001/OneFileCMS/onefilecms.php?i=var/www/html/&f=123.php&p=edit&p=deletefile ![image](https://user-images.githubusercontent.com/22767054/42224881-bdd58138-7f0d-11e8-9796-c963e9ef5d54.png) Click `Delete File(s)` ![image](https://user-images.githubusercontent.com/22767054/42225002-155834d2-7f0e-11e8-8a5e-ac2c9b54638b.png)

onefilecms.php in OneFileCMS through 2017-10-09 might allow attackers to execute arbitrary PHP code via xxx .php filename on the Upload File screen

access http://fragrant:30001/OneFileCMS/onefilecms.php by username/password ![image](https://user-images.githubusercontent.com/22767054/42224170-04f09de8-7f0c-11e8-8824-7134c8a954ef.png) Click `Upload File` -> abc.php -> `Browse` -> select abc.php -> Click `Upload` ![image](https://user-images.githubusercontent.com/22767054/42224282-46d3774e-7f0c-11e8-9e14-d8b31afad85c.png) ![image](https://user-images.githubusercontent.com/22767054/42224306-54d2b40e-7f0c-11e8-8c42-2c78e4622f07.png) access http://fragrant:30001/abc.php ![image](https://user-images.githubusercontent.com/22767054/42224341-686439d4-7f0c-11e8-94c1-ad0f34ff1e76.png)

onefilecms.php in OneFileCMS through 2017-10-09 might allow attackers to execute arbitrary PHP code via xxx .php filename on the New File screen

onefilecms.php in OneFileCMS through 2017-10-09 might allow attackers to execute arbitrary PHP code via xxx .php filename on the New File screen access http://fragrant:30001/OneFileCMS/onefilecms.php by username/password ![image](https://user-images.githubusercontent.com/22767054/42223064-6f53adea-7f09-11e8-8727-074ac65588db.png) Click `New File`...