ShopEx series products do not strictly filter the contents of an uploaded template package, which allows attack files to be uploaded. If permission settings are strict the uploaded files may be ineffective; however, the issue is still very harmful. This vulnerability is probably the result of the programmers' coding habits. I wanted to keep it to myself, but it would be more fun to discover new defects, so I am leaving this one to the official team and hope it is fixed soon.
Detailed description:
The check on files inside an uploaded template package does not fully account for letter case. On Windows, and on some other servers that are case-insensitive, this is high risk. Malformed suffixes can also be used, which may likewise be high risk. I took advantage of this defect and obtained a webshell on the official 485 demonstration site. Because of the official server's configuration, only php files with a lowercase suffix are parsed, so an upper-case suffix is not a threat there, nor is the malformed-suffix parsing defect, but the PHP file can be successfully executed!
This vulnerability exists in easy-to-store stores and ShopEx 4.85; ECOS has not been tested!
Check the content of my template package!
Let's take a look at the content I uploaded to my website.
Solution:
Convert all file names to lower case before checking them!
Author: fish in the south of Yangtze River
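The check described under Solution, as an added example (not ShopEx code): an allowlist test over the entry names of an uploaded package that lower-cases each name before comparing, and goes a step further by rejecting trailing-dot and multi-extension names. The function name, the allowlist and the sample names are assumptions constructed for illustration.

```php
<?php
// Added example, not ShopEx code. Allowlist and sample entry names are constructed.
const ALLOWED_EXTENSIONS = ['html', 'htm', 'css', 'js', 'xml', 'png', 'jpg', 'gif'];

/** Return null when the archive entry name is acceptable, otherwise the reason. */
function reject_reason(string $entry): ?string
{
    $path = str_replace('\\', '/', $entry);          // treat both separators alike
    if ($path === '' || $path[0] === '/'
        || preg_match('/^[A-Za-z]:/', $path)         // drive-letter path
        || preg_match('#(^|/)\.\.(/|$)#', $path)) {  // ".." path segment
        return 'path escapes the template directory';
    }
    if (substr($path, -1) === '/') {
        return null;                                 // directory entry, no file to check
    }
    $base = basename($path);
    // Windows strips trailing dots and spaces, and ':' introduces a stream name,
    // so "x.php." or "x.php::$DATA" would be stored under a different name.
    if (preg_match('/[\x00-\x1f:]/', $base) || $base !== rtrim($base, '. ')) {
        return 'malformed file name';
    }
    // Lower-case BEFORE comparing, so "PHP", "Php" and "php" are one case.
    $parts = explode('.', strtolower($base));
    if (count($parts) < 2 || $parts[0] === '') {
        return 'missing name or extension';
    }
    // Every suffix must be allowed: some server setups pick the handler from an
    // inner extension, so "x.php.jpg" is not judged by ".jpg" alone.
    foreach (array_slice($parts, 1) as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
            return "extension '$ext' is not allowed";
        }
    }
    return null;
}

// Constructed entry names, as they might be listed from a package before extraction.
$entries = ['index.html', 'images/logo.PNG', 'shell.PHP', 'shell.php.jpg',
            'shell.php.', 'x.pHp5', '../../config.php', '.htaccess'];
foreach ($entries as $name) {
    $why = reject_reason($name);
    printf("%-18s %s\n", $name, $why === null ? 'ok' : "REJECT: $why");
}
```

Run the check over every entry before anything is written to disk, and refuse the whole package if any entry is rejected.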