Broken access control (unauthenticated file upload) in the Seven Bears library CMS

1. About

Seven Bears is a document library CMS similar to Baidu Wenku; users can share and sell documents through it. After a user uploads a source document, Seven Bears automatically transcodes it to HTML, and once transcoding succeeds the HTML version is returned to the library CMS, so documents can be browsed online without any browser plug-in.

CMS source code:

https://gitee.com/mirweiye/wenkucms

Original write-up reproducing the vulnerability:

https://www.jianshu.com/p/add86fa50048

2. Exploit

Deploy the CMS on a local machine.

[screenshot omitted]

Testing shows that the following interface performs no authorization check at all: any request to it, without logging in, can upload an arbitrary file to the server.

http://127.0.0.1/wenkucms-master/index.php?g=admin&m=attachment&a=editer_upload
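The root cause is an admin-only action that never verifies the caller is an administrator, combined with no restriction on the uploaded file type. The guard below is an added example of how such an action should be protected; it is not wenkucms's own code, and the session key `admin_id`, the `file` form field, the extension allowlist and the storage path are all assumptions to be adapted to the real application.

```php
<?php
// Added example (not wenkucms code): authorization guard and type
// restriction for an admin-only upload action such as editer_upload.

// Stop with 403 unless an administrator session exists.
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['admin_id'])) {   // assumed session key for admin login
        http_response_code(403);
        exit('Forbidden: administrator login required');
    }
}

// Accept only the document types the library actually transcodes; anything
// the web server could execute (php, phtml, ...) is rejected by default.
function is_allowed_upload(array $file, array $allowed = ['pdf', 'doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'txt']): bool
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return false;
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true);
}

// Store under a server-generated random name (the client-supplied name is
// never reused) in a directory the web server does not execute scripts from.
function store_upload(array $file, string $dir): ?string
{
    $ext  = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($dir, '/') . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $dest) ? $name : null;
}

// Hardened handler: authorization first, then type check, then storage.
require_admin();
if (!isset($_FILES['file']) || !is_allowed_upload($_FILES['file'])) {   // assumed field name
    http_response_code(400);
    exit('Unsupported or missing file');
}
$stored = store_upload($_FILES['file'], __DIR__ . '/../private_uploads');   // assumed path
echo $stored !== null ? json_encode(['name' => $stored]) : 'Upload failed';
```

Until the upstream code is fixed, the same authorization decision can be enforced in front of the application by denying unauthenticated requests to `index.php?g=admin` at the web server or reverse proxy.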

An HTML page is constructed locally to submit a file to that interface:

[screenshot omitted]

It is then used as follows:

[screenshot omitted]
[screenshot omitted]