Reinstallation vulnerability #1

Closed
QiAnXinCodeSafe opened this issue Jan 4, 2019 · 3 comments

@QiAnXinCodeSafe

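Hello,
I work for 360代码卫士 (360 Code Safe). During our open-source code audit we found that shopxo has a system reinstallation vulnerability. Details follow:
In the file shopxo\application\install\controller\Index.php, the Add method does not check the lock file, which allows an attacker to reinstall the database.
Construct the following POST request:

You can see that a new database named shopxo2 has been created in the local database. In a real-world scenario, an attacker could enable remote connections on a database on their own public server and connect to their own database.

The most critical point is that the database configuration file is modified as well.
From here a shell can be obtained by writing PHP code. Since this is on GitHub, I won't go into the details. If you are interested in the subsequent getshell method and process, I would be happy to tell you by email.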
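
The missing check described in the report, sketched as an added example (not ShopXO's code and not the maintainer's fix): every state-changing installer action takes an install lock atomically before it touches the database or the configuration file. `InstallGuard`, `installAdd`, the writer callback and the temp-file lock path are hypothetical names, and the constructor syntax assumes PHP 8.

```php
<?php
declare(strict_types=1);

// Added example, not ShopXO code: class, function and path names are hypothetical.
final class InstallGuard
{
    public function __construct(private string $lockFile) {}

    // Atomically take the install lock. fopen mode 'x' fails if the file
    // already exists, so a completed install (or a racing request) is refused.
    public function claim(): void
    {
        $fh = @fopen($this->lockFile, 'x');
        if ($fh === false) {
            throw new RuntimeException('Already installed; refusing to run the installer.');
        }
        fwrite($fh, date('c'));
        fclose($fh);
    }

    // Release the lock only when the install itself failed part-way.
    public function release(): void { @unlink($this->lockFile); }
}

// Stand-in for a state-changing installer action such as Add.
function installAdd(InstallGuard $guard, array $post, callable $writeDbConfig): string
{
    $guard->claim();              // check before touching the database or config
    try {
        $writeDbConfig($post);
    } catch (Throwable $e) {
        $guard->release();
        throw $e;
    }
    return 'installed';
}

// Constructed demo: the second request must be rejected with no config write.
$guard = new InstallGuard(sys_get_temp_dir() . '/install_demo_' . bin2hex(random_bytes(4)) . '.lock');
$writes = 0;
$writer = function (array $p) use (&$writes): void { $writes++; };
echo installAdd($guard, ['DB_NAME' => 'shopxo'], $writer), PHP_EOL;
try {
    installAdd($guard, ['DB_NAME' => 'shopxo2'], $writer);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
echo 'config writes: ', $writes, PHP_EOL;
$guard->release();
```

The guard belongs in each action that creates a database or writes configuration, since a check on the installer's landing page alone does not cover a direct POST to a later step.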

@gongfuxiang gongfuxiang self-assigned this Jan 5, 2019
@gongfuxiang
Owner

Fixed.

@attritionorg

@gongfuxiang Can you link to the fixing commit please?

@gongfuxiang
Owner
