admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

add PbootCMS parserIfLabel RCE

Browse Source
This commit is contained in:
gobysec 2021-07-06 14:49:17 +08:00
parent 616ffb4478
commit 8f46fda3c3
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
PbootCMS/PbootCMS_parserIfLabel_RCE/PbootCMS_parserIfLabel_RCE.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1023 KiB

9
PbootCMS/PbootCMS_parserIfLabel_RCE/PbootCMS_parserIfLabel_RCE.md Normal file
View File

@ -0,0 +1,9 @@
# PbootCMS parserIfLabel RCE
A Remote Code Execution vulnerability exists in parserIfLabel function. Exploit demand: PbootCMS 3.0.1-3.0.4, PHP >= 7.0, system() function is not forbidden.
**FOFAquery rule**: [app="PBOOTCMS"](https://fofa.so/result?qbase64=YXBwPSJQQk9PVENNUyI%3D)
# Demo
![](PbootCMS_parserIfLabel_RCE.gif)