ArticleCMS
A responsive news website built on Bootstrap 3.2 and ThinkPHP 5.0, focused on back-end management of users and articles.
There is a file upload attack vulnerability. It can lead to arbitrary uploading of PHP script files. The location of the vulnerability is in http://ip/public/admin, where the content editing function is. ...
As we know, ThinkPHP5 had a remote code execution in low versions, so we can execute any code in ArticleCMS. Need to update the version.
When the super administrator (root) is logged in, there are 2 important POST methods without CSRF protection, which can create a new user and promote it to administrator privileges. This can be...
Place in modify the name and email insert test code will be executed after landing page POC:
```
- POST /update_personal_infomation HTTP/1.1
- Host: 127.0.0.1
- User-Agent: Mozilla/5.0 (Windows...
```
```
curl 'http://example.com/root_create_user' -H 'Pragma: no-cache' -H 'Origin: http://example.com' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: zh-CN,zh;q=0.8' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36'...
```
There are two Cross-Site Request Forgery (CSRF) vulnerabilities in ArticleCMS that allow attackers to create users and escalate privileges. When the super administrator (root) is logged in, there are 2 important POST...