HongCMS 3.0 - Getshell by template/edit (Administrator Privilege)

1.Login to the backstage as the administrator.


2.You need to edit the tpl file 
<img width="1721" alt="image" src="https://user-images.githubusercontent.com/22998321/171530116-c4804c1f-1e1f-490f-a76e-0a7545e3347b.png">

3.  Because the default safe mode configuration is off，so you can edit tpl file to getshell。
The vulnerability code is as follows:
<img width="789" alt="image" src="https://user-images.githubusercontent.com/22998321/171530651-363a15ea-a8a3-4eb5-83ac-7308fb72ca53.png">


5. Add you webshell code in tpl file.
<img width="1580" alt="image" src="https://user-images.githubusercontent.com/22998321/171530999-f4b3dcab-6d21-4c25-89e3-34bd0d75e05a.png">

6. Then you can getshell in index file.
<img width="1472" alt="image" src="https://user-images.githubusercontent.com/22998321/171531375-76cb72a5-5bf7-4969-871a-2815bec37ecc.png">

 Repair suggestion:
1、Set safe mode true by default.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HongCMS 3.0 - Getshell by template/edit (Administrator Privilege) #19

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

HongCMS 3.0 - Getshell by template/edit (Administrator Privilege) #19

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions