Related vulnerability
Description
Remote code execution vulnerability in QloApps (version 1.6.0.0)
Introduction
# RCE-QloApps-CVE-2024-40318
A remote code execution (RCE) attack allows an attacker to run code on a target computer. The ability to execute code could lead to deploying additional malware, stealing sensitive data, or even damaging the server.
The remote code execution was discovered in QloApps version 1.6.0.0 while the application was being tested from the administrator panel, in the "Modules and Services" section, where it is possible to upload a modified module such as "mailchimp-for-prestashop" (https://addons.prestashop.com/en/newsletter-sms/26957-mailchimp-for-prestashop.html). This made it possible to bypass the PHP file upload restriction and obtain remote code execution by modifying the file "cronjob.php" and accessing it through the web browser.
File snapshot
[4.0K] /data/pocs/07206532c8c51c9f69b188a2a062a3839bd5f6be
├── [736K] qloapps--RCE.pdf
└── [ 752] README.md
0 directories, 2 files
Notes
1. It is recommended to access the original source first.
2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.