CVE-2023-38915: Arbitrary file upload vulnerability causing getshell · Issue #1 · wolf-leo/EasyAdmin8

File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbitrary code via the upload type function.


  1. Enter the backend, find the configuration options, and add the upload type PHP:
     http://localhost/admin/index/index.html#/admin/system.uploadfile/index.html
  2. Click the product management option: http://www.easyadmin8.com/admin/index/index.html#/admin/mall.goods/index.html
  3. Add a new product and click the image icon.
  4. Upload a.php.
  5. Then getshell.

Fix for file upload vulnerability:

  1. The upload module, if present on the website, needs permission authentication so that anonymous users cannot access it.
  2. The file upload directory is configured to prohibit script execution, so even if a dynamic backdoor script is uploaded it cannot be parsed, forcing the attacker to abandon this attack path.
  3. Set up a whitelist for uploads that only allows images, such as jpg, png and gif; no other file types may be uploaded.
  4. The suffix of the stored file must be set to an image format such as jpg, png or gif.
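As an added example (not EasyAdmin8's own code), the following PHP upload handler implements fixes 3 and 4 above: the extension whitelist is a constant in code rather than an admin-editable setting (the issue shows the configurable type list being widened to include PHP), the file content is checked independently of the client-declared type, and the stored filename is generated server-side with a fixed image suffix. The `$_FILES['file']` field, `$uploadDir` and the function names are assumptions.

```php
<?php
// Added example, not EasyAdmin8 code. Assumes $uploadDir is a directory the
// web server is configured not to execute scripts from (fix 2 above).
declare(strict_types=1);

// Fixed, code-level whitelist: extension => expected MIME type of the content.
// Keeping this out of the admin configuration means it cannot be extended to
// "php" through the backend, which is how the reported issue was triggered.
const ALLOWED_IMAGE_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

function validateImageUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    // The client-supplied name is used only to read the extension; it is
    // never reused as the stored filename.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGE_TYPES[$ext])) {
        throw new RuntimeException('Only jpg, png and gif files may be uploaded');
    }
    // Inspect the bytes on disk rather than trusting $file['type'], which the
    // client controls.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED_IMAGE_TYPES[$ext]) {
        throw new RuntimeException("Content type $mime does not match .$ext");
    }
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('File is not a decodable image');
    }
    return $ext;
}

function storeImageUpload(array $file, string $uploadDir): string
{
    $ext = validateImageUpload($file);
    // Random server-generated name with the validated image suffix, so a
    // script extension can never reach disk regardless of the uploaded name.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}
```

In a controller this is called as `storeImageUpload($_FILES['file'], $uploadDir)` inside a try/catch, after the request has passed the backend's authentication check (fix 1).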
