mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 09:12:08 +00:00
780 B
780 B
CVE-2021-36582
Description
In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL.
POC
Reference
No PoCs from references.