Monitorr 漏洞列表

Monitorr是一个实时显示任何网络应用程序或服务状态的网络前端，该系统存在文件上传漏洞，通过该漏洞可以获取服务器权限。 Fofa: icon_hash="-211006074" || body="assets/php/timestamp.php"

Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote code execution within the Monitorr.

A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

文件上传漏洞发生在应用程序允许用户上传文件的功能中，如果上传功能未能正确地验证和限制上传文件的类型和内容，攻击者可能利用此漏洞上传恶意文件，如包含可执行代码的脚本文件，从而在服务器上执行任意命令，控制或破坏系统。

原理是攻击者可以在安装后再次访问安装面板。可以在安装页面创建一个新用户进行登录。登录成功后台有任意文件上传漏洞，可以上传shell文件进行执行

原理是攻击者可以在安装后再次访问安装面板。可以在安装页面创建一个新用户进行登录。