CVE-2022-44088: There is another Remote Code Execution after login Manage background · Issue #I5WSND · 轻舞飞沙/易思ESPCMS-P8企业建站管理系统 - Gitee.com

ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component INPUT_ISDESCRIPTION.


There is another Remote Code Execution after login Manage background

To do

azraelxuemo

Created on 2022-10-20 16:55

Here I chose the latest version downloaded from the official website, because I found that the gitee version is not the latest version.
The official URL is https://www.ecisp.cn/html/cn/download_espcms/.

Log in to the manage background, and use the below function

Use Burp Suite, and then modify the request.
There we modify the INPUT_ISDESCRIPTION from 200 to 200,);phpinfo();/*

Then we see the below PHP file was modified by us, and we visit it

This vulnerability is similar to the previous one (#I5WSA0: There is a Remote Code Execution after login Manage background)

azraelxuemo created the task
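
The report shows a numeric setting, INPUT_ISDESCRIPTION, ending up as executable text in a PHP file. The following is an added example, not code from the issue or from ESPCMS: the function names, the generated file layout and the value bounds are assumptions. It contrasts writing a submitted value into generated PHP source verbatim with validating it as an integer and serializing it with var_export().

```php
<?php
// Added illustration, not ESPCMS code: function names, file layout and bounds are assumed.

// Unsafe pattern: the submitted value is pasted into PHP source verbatim.
function render_config_unsafe(array $settings): string
{
    $lines = [];
    foreach ($settings as $key => $value) {
        $lines[] = "    '$key' => $value,";
    }
    return "<?php\nreturn array(\n" . implode("\n", $lines) . "\n);\n";
}

// Hardened pattern: allow-list the key, validate type and range, serialize with var_export().
const SETTING_SCHEMA = ['INPUT_ISDESCRIPTION' => ['min_range' => 0, 'max_range' => 65535]];

function render_config_safe(array $settings): string
{
    $clean = [];
    foreach ($settings as $key => $value) {
        if (!array_key_exists($key, SETTING_SCHEMA)) {
            throw new InvalidArgumentException("unknown setting: $key");
        }
        $int = filter_var($value, FILTER_VALIDATE_INT, ['options' => SETTING_SCHEMA[$key]]);
        if ($int === false) {
            throw new InvalidArgumentException("$key must be an integer in the allowed range");
        }
        $clean[$key] = $int;
    }
    return "<?php\nreturn " . var_export($clean, true) . ";\n";
}

// Constructed inputs: the normal value and the value quoted in the report.
foreach (['200', '200,);phpinfo();/*'] as $submitted) {
    $post = ['INPUT_ISDESCRIPTION' => $submitted];
    echo "--- submitted: $submitted\n";
    echo "unsafe writer output (printed, never executed):\n", render_config_unsafe($post);
    try {
        echo "safe writer output:\n", render_config_safe($post);
    } catch (InvalidArgumentException $e) {
        echo "safe writer rejected input: ", $e->getMessage(), "\n";
    }
}
```

The safe writer emits the same file for the value 200 and throws for the second input, so nothing reaches the generated file unless it parsed as an integer in range.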
