Changjie Crm Background Attachment Any File Upload Vulnerability
Changjie Crm Background Attachment Any File Upload Vulnerability
Changjie CRM background attachment any file upload vulnerability
Vulnerability Description
There is any file upload vulnerability in Changjie CRM background attachment. By parsing the vulnerability, you can skip the suffix changes to obtain website permissions.
Vulnerability Impact
Changjie CRM
Network surveying and mapping
Vulnerability reappears
Login page
Some empty passwords are present admin/empty passwords
After logging in, add the customer and upload the attachment as a PHP file, where the file name is xxx.xxx.php format, change it across the suffix in the system
Click the file name to jump
This post is licensed under CC BY 4.0 by the author.