{ "Name": "Shiziyu CMS wxapp.php file upload getshell", "Description": "No need to log in for any file upload, return to the webshell path via exp,Using Behinder_v3.0 connection, password is rebeyond", "Product": "ShiziyuCMS", "Homepage": "https://www.tyha.cn/tag/%e7%8b%ae%e5%ad%90%e9%b1%bc%e7%a4%be%e5%8c%ba%e5%9b%a2%e8%b4%ad/", "DisclosureDate": "2021-05-28", "Author": "HuaiNian", "GobyQuery": "body=\"/seller.php?s=/Public/login\"", "Level": "3", "Impact": "
Unlimited arbitrary file uploads, direct access to Webshell
Set up a whitelist of suffix names