Headline
CVE-2022-29725: There is a file upload vulnerability in the background settings page · Issue #161 · Creatiwity/wityCMS
An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file.
The server build environment is windows
After logging in to the background, click Settings, there is a file upload vulnerability in an ico image upload point, you can bypass the upload, upload the webshell through this point, and you can take down the server.
Vulnerability location:http://172.20.10.2:8082/0/admin/settings/general
1.Upload the shell file and capture the package。Modify Content-Type to image/ico, filename to .php and php followed by spaces to bypass
2.Although the response packet is 302, the file itself has been uploaded successfully。The uploaded file is located in the \upload\settings directory, named favicon.php
3.The connection is successful through the ice scorpion, and the server shell is obtained.