Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Kooboo 代码问题漏洞
Vulnerability Description
Kooboo是一种新型的 Web 开发工具,能够开发静态页面或复杂的网站。 Kooboo CMS 2.1.1.0存在安全漏洞,该漏洞源于软件对于用户上传的文件缺乏有效的验证和过滤。攻击者可以上传一个远程shell(例如aspx)到服务器,然后调用它从受害服务器接收一个反向shell。文件被上传到/Content/Template/root/reverse-shell.apex并且可以简单地通过浏览该URL触发。
CVSS Information
N/A
Vulnerability Type
N/A