Upload web shell flatcore Version 2.0.8

Question

Upload web shell flatcore Version 2.0.8

Closed this issue 2 years ago · 4 comments

ngochieu-kiminawa commented 3 years ago

Upload web shell
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

Login to flatcore CMS (admin user)
Click on 'Addons'
Click on 'Install'
Click on 'Plugin'
Choose a malious PHP file example is webshell.php
URL for malious PHP file: http://domain/upload/plugins/webshell.php

Screenshots
This POC for vuln :https://youtu.be/3w1M9eL_JiI
file payload
webshell.zip

Desktop (please complete the following information):

OS: tested in Linux
Browser : All
Version : Last version

Additional context
This vulnerability is extremely serious affecting the system. An attacker can take control of the entire server.

Answer 1 · 2021-09-06T17:25:11.000Z

That's the same as Issue #58

Answer 2 · 2021-10-07T14:32:19.000Z

@patkon
Has RCE via Module Addons been fixed yet? on version 2.0.9

Answer 3 · 2021-10-07T14:52:39.000Z

Not really fixed. The admin has to confirm a message that he knows what he is uploading.
See: Issue #54
I'm working on the possibility that you can turn off the entire upload vie config.php file.

Answer 4 · 2021-10-07T15:29:26.000Z

And here we go. Uploads for Addons are deactivated by default now. You can switch this on/off in your own config.php file.