CVE-2022-29624: Arbitrary file upload vulnerability exists in tpcms v3.2 · Issue #I533KY · 快乐源泉/tpcms - Gitee.com
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file.
1. Log in to the management system of tpcms v3.2 (admin/admin888). URL: http://IP/admin
2. Go to "Settings" - "Site Configuration" - "Site Settings" - "More Settings" - "File Upload Format (cfg_file)" and add the php format to the allowed formats:
3. Go to "Content" - "Service Management" - "Fragment Data" - "Add Fragment Data":
4. In the text edit box, select "Add File", select the PHP webshell and upload it to the server:
5. Access the PHP file at the path echoed by the server; the shell is obtained successfully:
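
The steps above work because the upload allowlist (cfg_file) is editable from the admin panel and accepts php as a value. The following is an added example of a server-side check that closes that gap, not code from TPCMS: the function names are hypothetical, and it assumes cfg_file holds a list separated by "|", "," or whitespace, which the page does not show.

```php
<?php
declare(strict_types=1);

// Extensions a PHP host may execute or read as server configuration. They are
// never accepted for upload, whatever an administrator enters in cfg_file.
const BLOCKED_EXTENSIONS = [
    'php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'pht', 'phar', 'phps',
    'htaccess', 'cgi', 'pl', 'asp', 'aspx', 'jsp',
];

// Hypothetical helper: normalise the admin-supplied format list (separator
// format is an assumption) and drop every blocked extension from it.
function sanitize_upload_formats(string $cfgFile): array
{
    $items = preg_split('/[|,\s]+/', strtolower($cfgFile), -1, PREG_SPLIT_NO_EMPTY);
    $items = array_map(static fn(string $e): string => ltrim($e, '.'), $items);
    return array_values(array_unique(array_diff($items, BLOCKED_EXTENSIONS)));
}

// Hypothetical helper: accept a filename only if its final extension is on the
// sanitised allowlist and no dot-separated segment after the base name is a
// blocked extension (rejects "shell.php.jpg" as well as "shell.php").
function is_upload_allowed(string $filename, string $cfgFile): bool
{
    $name = strtolower(basename(str_replace('\\', '/', $filename)));
    $name = rtrim($name, ". \0"); // trailing dots, spaces and NUL bytes
    $segments = explode('.', $name);
    if (count($segments) < 2) {
        return false; // no extension at all
    }
    array_shift($segments); // drop the base name, keep the extension segments
    if (array_intersect($segments, BLOCKED_EXTENSIONS)) {
        return false;
    }
    return in_array(end($segments), sanitize_upload_formats($cfgFile), true);
}

// Constructed input: an administrator has added "php" to cfg_file.
$cfgFile = 'jpg|png|gif|zip|php';
foreach (['logo.png', 'shell.php', 'shell.php.jpg', 'shell.PHTML', 'notes.txt'] as $f) {
    printf("%-14s %s\n", $f, is_upload_allowed($f, $cfgFile) ? 'accept' : 'reject');
}
```

Extension filtering is one layer only; serving the upload directory with script execution disabled keeps a missed extension from running.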