CVE-2023-26823: exshopbug/README.md at main · jingping911/exshopbug
An arbitrary file upload vulnerability in the /admin/template.php component of shopEx EcShop v4.1.5 allows attackers to execute arbitrary code via a crafted PHP file.
EcShop v4.1.5 file upload vulnerability
1. Affected version
EcShop v4.1.5
2. Software download address
https://www.ecshop.com/download
or this project
3. Vulnerability details
A file upload vulnerability in the ecshop admin back end allows a webshell to be uploaded, which can then be used to elevate permissions.
The file upload filter is not strict enough, so the restriction on .php files can be bypassed.
4. Vulnerability reproduction
1. First log in to the admin back end, then use Burp to capture the cookie.
2. After getting the cookie, import the Burp request package from the attachment into Burp, or open it and paste it in (importing is better, because pasting may corrupt the request), then replace the cookie value with the one just obtained.
3. Send the constructed request. It returns 200, and the corresponding file is generated locally.
4. Use Behinder to connect to the trojan file. The trojan file is /themes/hhhh/123.php under the root directory, the password is a, and the connection to the webshell succeeds.
/ECShop_ V4.1.5/source/ecshop/themes/hhhh/123.phP
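A defender-side check for the pattern described above, as an added example that is not part of the original README: it scans web-server access logs for requests to PHP-executable files under /themes/, matching extensions case-insensitively, and records whether the same client POSTed to /admin/template.php earlier. The combined log format, the extension list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Extensions often mapped to the PHP handler (assumption: adjust to your server config).
PHP_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"}
# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def script_ext(target):
    """Lowercased final extension of the requested file after URL decoding."""
    name = unquote(urlsplit(target).path).rsplit("/", 1)[-1]
    name = name.split("\x00", 1)[0].rstrip(". ")  # NUL byte, trailing dot/space tricks
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def find_theme_script_hits(lines):
    """Flag requests for PHP-executable files under /themes/ and record whether
    the same client POSTed to /admin/template.php earlier in the log."""
    posted, hits = set(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, ts, method, target, status = m.groups()
        path = unquote(urlsplit(target).path)
        if method == "POST" and path.lower().endswith("/admin/template.php"):
            posted.add(ip)
        elif "/themes/" in path.lower() and script_ext(target) in PHP_EXTS:
            hits.append({"ip": ip, "time": ts, "path": path, "status": int(status),
                         "after_template_post": ip in posted})
    return hits

# Constructed sample log lines (documentation IP ranges, not data from the page).
SAMPLE = [
    '203.0.113.7 - - [01/Mar/2023:10:00:01 +0000] "GET /themes/default/style.css HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Mar/2023:10:00:05 +0000] "POST /admin/template.php HTTP/1.1" 200 312',
    '203.0.113.7 - - [01/Mar/2023:10:00:09 +0000] "GET /themes/hhhh/123.phP HTTP/1.1" 200 0',
    '198.51.100.9 - - [01/Mar/2023:11:30:00 +0000] "GET /themes/hhhh/123.php%20 HTTP/1.1" 404 196',
]

if __name__ == "__main__":
    for hit in find_theme_script_hits(SAMPLE):
        print(hit)
```

A hit with status 200 and `after_template_post` set is the combination to triage first; the theme directory itself should be reviewed for any file with one of these extensions.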
5. Author
Wangjingping