CVE-2021-40954: Any file upload exists at the background plug-in · Issue #11 · bettershop/LaikeTui
Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code.
Any file upload exists at the background plug-in
Locate file: /app/LKT/webapp/modules/plug_ins/actions/addAction.class.php
Firstly, the upload format is not filtered. Secondly, when a compressed package is uploaded, it is decompressed and the index file inside the package is automatically included.
As a result, files with any suffix can be uploaded, or a compressed package containing webshell files can be uploaded.
Upload succeeded!
The file is in /APP/LKT/zip/.
Let’s visit
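A defensive check for the two problems the report describes (unfiltered upload names, and archives whose entries are extracted and included), written here as an added example rather than LaikeTui's own code. The SERVER_EXECUTABLE list, the function names and the `plugin` form field are assumptions.

```php
<?php
// Added example (not LaikeTui code): allow-list the direct upload's name and
// refuse archives with traversal paths or server-executable entries before
// anything is extracted or included. The field name "plugin" is assumed.

const SERVER_EXECUTABLE = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'phps', 'inc'];

// True if any dotted segment after the base name is executable by the server,
// so "shell.php.jpg" and "shell.PHP" are caught, not only the last extension.
function hasServerExecutableSegment(string $name): bool
{
    $parts = explode('.', strtolower(basename($name)));
    array_shift($parts); // drop the base name itself
    return array_intersect($parts, SERVER_EXECUTABLE) !== [];
}

// Direct uploads: reject null bytes and executable segments, then require the
// final extension to be on the caller's allow-list (e.g. ['jpg', 'png', 'zip']).
function isAllowedUploadName(string $name, array $allowedExt): bool
{
    if ($name === '' || strpos($name, "\0") !== false || hasServerExecutableSegment($name)) {
        return false;
    }
    return in_array(strtolower(pathinfo($name, PATHINFO_EXTENSION)), $allowedExt, true);
}

// Archives: list every entry that must not be extracted; an empty result is clean.
function unsafeArchiveEntries(string $zipPath): array
{
    $problems = [];
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        return ['archive could not be opened'];
    }
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        $norm = str_replace('\\', '/', $name);
        if (substr($norm, -1) === '/') {
            continue; // directory entry
        }
        if ($norm === '' || $norm[0] === '/' || in_array('..', explode('/', $norm), true)) {
            $problems[] = "unsafe path: $name";
        } elseif (hasServerExecutableSegment($norm)) {
            $problems[] = "server-executable entry: $name";
        }
    }
    $zip->close();
    return $problems;
}
```

Call isAllowedUploadName on every direct upload and unsafeArchiveEntries on every archive before extraction, rejecting the whole request when either flags anything. An archive that legitimately ships PHP must arrive through a trusted install path rather than this upload handler.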