Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-35314 PoC — WonderCMS 操作系统命令注入漏洞

Source
https://github.com/ybdegit2020/wonderplugin
Associated Vulnerability
Title:WonderCMS 操作系统命令注入漏洞 (CVE-2020-35314)
Description:WonderCMS是一套基于PHP的开源内容管理系统(CMS)。 WonderCMS 3.1.3 存在操作系统命令注入漏洞,该漏洞源于index.php中的installUpdateThemePluginAction函数中存在操作系统命令注入漏洞,允许远程攻击者可利用该漏洞上传一个自定义插件,该插件可以包含任意代码,并通过主题插件安装程序获得webshell。
Description
cve-2020-35314,一个带phpcode的zip文件
File Snapshot

 [4.0K]  /data/pocs/72f2f8177530f955353e91ae3dff55f982e61149
├── [4.0K]  css
│   └── [   4]  style.css
├── [  78]  evil.php
├── [103K]  preview.jpg
├── [  17]  summary
├── [   6]  version
└── [   6]  wonderplugin.php

1 directory, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.