New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PHPCMS v9 #1

Open
m0us3Sun opened this Issue Jul 23, 2018 · 0 comments

Comments

Projects
None yet
1 participant
@m0us3Sun
Owner

m0us3Sun commented Jul 23, 2018

漏洞描述:
PHPCMS V9(简称V9)采用PHP5+MYSQL做为技术基础进行开发。V9采用OOP(面向对象)方式进行基础运行框架搭建。模块化开发方式做为功能开发形式。框架易于功能扩展,代码维护,优秀的二次开发能力,可满足所有网站的应用需求。
漏洞地址:
http://www.phpcms.cn/api.php?op=checkcode&code_len=4&font_size=16&width=1250&height=34000&font_color=&background=
找到存在验证码处,审查元素找到验证码链接:
1
然后抓包,观察验证码长、宽可控:
http://www.phpcms.cn/api.php?op=checkcode&code_len=4&font_size=16&width=1250&height=34000&font_color=&background=

2
3
不断加大长宽,多次发包,可导致拒绝服务攻击。
4
5
6
如果多发送几次直接可以导致服务器卡死,因为图像大小一直都是靠cpu在运算的。加大图像像素,多次发包直接可以导致服务器瘫痪,点到为止,仅测试。

修复:
建议配置图像默认参数,是参数不可控。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment