Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on New Template, and modifying the filename from ../index.html to ../index.php.
- https://blog.csdn.net/qq_36093477/article/details/86681178
- https://github.com/J1ezds/Vulnerability-Wiki-page
- https://github.com/Threekiii/Awesome-POC
- https://github.com/XiaomingX/awesome-poc-for-red-team