Books_Manager FileUpload
2026-01-13 00:00:00 # Vulnerability

Vulnerability Introduction

Version 1.0 of Books_Manager has an arbitrary file upload vulnerability in its upload_bookCover.php interface: the server-side handler never checks the extension (or content) of the uploaded file. Anyone who can reach the book-cover upload function (it is used from the administrator's add_book page) can therefore store a file of any type, including a PHP webshell, under the web root, which leads to remote code execution (getshell) on the server.

Vulnerability analysis

Vulnerable file: controllers/books_center/upload_bookCover.php

[screenshot: image-20260113162945482]

The backend logic does not validate the uploaded file's type or extension before writing it to disk.

The only check on the upload type is performed on the frontend, in administrator/books_center/add_book.php. Because that check runs in the browser, it can be bypassed by anyone who edits the request before it reaches the server.
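To make the frontend-only check concrete, here is an added illustration in PHP (written for this edit, not Books_Manager's own code, which is only visible in the screenshots above). The first function shows the pattern the analysis describes: the server trusts the browser-side type check, keeps the client-supplied filename and extension, and writes into a directory the web server will execute PHP from. The second shows a hardened handler that does every check server-side and chooses the stored name itself. The form field name `bookCover` and the directory layout are assumptions.

```php
<?php
// Added illustration, not Books_Manager's own code. The field name 'bookCover'
// and the upload directory layout are assumptions.

// Pattern the write-up describes: the server trusts the frontend's type check,
// keeps the client-supplied filename and extension, and writes into a directory
// from which the web server executes PHP.
function save_cover_vulnerable(array $file, string $uploadDir): string
{
    // basename() stops directory traversal but does nothing about "shell.php".
    $dest = rtrim($uploadDir, '/') . '/' . time() . '_' . basename($file['name']);
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('upload failed');
    }
    return $dest;
}

// Hardened handler: every check happens server-side and the stored name is
// chosen by the server, never by the client.
function save_cover_hardened(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('invalid upload');
    }

    // 1. Extension allowlist (not a denylist), compared case-insensitively so
    //    "x.PHP" or "x.pHp" cannot slip past a lowercase-only comparison.
    $allowed = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
    ];
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // 2. Sniff the real MIME type from the bytes. $file['type'] is copied from
    //    the client's Content-Type header and must never be trusted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== $allowed[$ext]) {
        throw new RuntimeException('content does not match extension');
    }

    // 3. The file must parse as an image, not merely start with magic bytes.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }

    // 4. Random server-generated name; no user-controlled text reaches the path.
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('upload failed');
    }
    chmod($dest, 0644);
    return $dest;
}

// Usage, assuming the form posts the cover in a field named 'bookCover':
// $stored = save_cover_hardened($_FILES['bookCover'], __DIR__ . '/../../upload/bookCover');
```

Even the hardened version can be fooled by a polyglot (a valid GIF with PHP appended still passes `finfo` and `getimagesize()`), so the layered fix is to make the extension irrelevant: configure the web server not to execute scripts under upload/ (for Apache with mod_php, `php_flag engine off` or `RemoveHandler .php` in that directory; for nginx, a `location` block for /upload/ that denies `.php` requests), or re-encode the image with GD before saving so appended bytes are discarded.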

[screenshot: image-20260113163223486]

Vulnerability reproduction

[screenshot: image-20260113163415670]

Intercept the upload request with Burp Suite and modify it so that the uploaded file is a PHP webshell (for example, change the filename extension to .php after the frontend check has already passed).

[screenshot: image-20260113163518862]

Find the path of the uploaded webshell. Files are stored under upload/bookCover/ with a numeric prefix followed by the original filename (the prefix 1768292566 in the path below is a Unix timestamp corresponding to 2026-01-13):

[screenshot: image-20260113163610114]

https://lib.crayon.vip/upload/bookCover/1768292566_chuizi.php

Connect to the webshell with a webshell management tool.

[screenshot: image-20260113164010574]