Headline
CVE-2021-45286: GitHub - Boomingjacob/ZZCMS2021
Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php.
http://www.zzcms2021.com/index.php
1.Set up ZZCMS and access the default page normally: http://www.zzcms2021.com/index.php
LINK: https://github.com/Boomingjacob/ZZCMS2021/blob/main/1.png
2.Construct three HTM files containing malicious code named "bottom.htm", "index.htm", "top_index.htm". And then somehow upload it to the server on any path. For example, you can upload malicious files to the wordpress path through a CMS such as wordpress. Of course, you can upload anywhere on the server in some way, but not anywhere in the Apache directory.
LINK: https://github.com/Boomingjacob/ZZCMS2021/blob/main/2-1.png
3.Intercept current access information with Burpsuite, modify request lines, and add parameters “skin=../../wordpress0581”,then continue to submit.
LINK: https://github.com/Boomingjacob/ZZCMS2021/blob/main/3.png
4.At this point, you can see that "Success" pops up on the page, and click OK to pop up the user's cookie information saved in the current directory.
LINK: https://github.com/Boomingjacob/ZZCMS2021/blob/main/4.png; https://github.com/Boomingjacob/ZZCMS2021/blob/main/5.png