Code Injection in flatcore/flatcore-cms
Valid
Oct 11th 2021
Bypass of the fix for the remote code execution reported in https://github.com/flatCore/flatCore-CMS/issues/59
The following payload uses PHP's . operator for concatenation and backticks (`) to execute system commands.
Proof of Concept
- Insert the following as Permalink value
- Go to http://10.0.2.15/flatCore-CMS/content/cache/cache_lastedit.php to execute the payload, then check the filesystem for pwned.txt.
This vulnerability allows blind remote command execution as an admin user.
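
A defensive sketch of the root cause, added here as an example and not taken from flatCore-CMS or from the report: a value that ends up in an executable PHP cache file is checked against an allowlist and written only through var_export(), so it is always a quoted literal. The function names and the cache layout are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the page does not show flatCore's own cache writer.

/** Allowlist: lowercase letters, digits, '-', '_', with '/' between segments. */
function is_safe_permalink(string $value): bool
{
    return strlen($value) <= 200
        && preg_match('#^[a-z0-9_-]+(?:/[a-z0-9_-]+)*/?$#D', $value) === 1;
}

/**
 * Build the cache file body. var_export() emits each value as a quoted PHP
 * literal, so permalink text cannot become an operator or backtick expression.
 */
function render_cache(array $pages): string
{
    return "<?php\nreturn " . var_export($pages, true) . ";\n";
}

function write_cache(string $file, array $pages): void
{
    foreach ($pages as $page) {
        if (!is_safe_permalink((string) ($page['permalink'] ?? ''))) {
            throw new InvalidArgumentException('permalink rejected');
        }
    }
    // Write to a temporary file, then rename, so readers never see a partial file.
    $tmp = $file . '.tmp';
    file_put_contents($tmp, render_cache($pages), LOCK_EX);
    rename($tmp, $file);
}

// Constructed sample values: one ordinary permalink, one containing a quote,
// a dot and backticks (the characters the report mentions).
$samples = ['news/2021/release', "a'b.`c`"];
foreach ($samples as $s) {
    printf("%-20s %s\n", $s, is_safe_permalink($s) ? 'accepted' : 'rejected');
}

// Independently of the allowlist, the exported literal stays data when loaded.
$path = tempnam(sys_get_temp_dir(), 'cache');
file_put_contents($path, render_cache([['permalink' => $samples[1]]]));
$loaded = include $path;
unlink($path);
var_dump($loaded[0]['permalink'] === $samples[1]);
```

The allowlist rejects the value at input time, and the var_export() step keeps it inert even if a value reaches the cache writer by another route; a denylist of individual characters or function names gives neither guarantee.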