
kodbox v1.26 has a command execution vulnerability

Official website: https://kodcloud.com/

Version: 1.26

1. After setting up the environment, download the WebConsole plugin.

WPS image (1)

WPS image (2)

2. Capture the corresponding code for analysis.

WPS image (3)

The route resolves to /plugins/webConsole/lib/index.php.

WPS image (4)

3. index.php starts with check() for login authentication and includes ./webconsole.php.txt at the bottom, so that included file is the key.

WPS image (5)

4. Analyze webconsole.php.txt (remove the .txt suffix for auditing). On a POST request it instantiates the WebConsoleRPCServer class and calls that class's Execute() method through $rpc_server.

WPS image (6)

Execute() invokes the processCall() method, so follow processCall().

WPS image (7)

There are five parameters in params, the last of which is the command to execute.

WPS image (8)

5. The console directly executes system commands.

WPS image (9)

WPS image (10)
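A defender's check derived from the route identified above, added here as an example and not part of the original write-up: it scans web server access logs (combined log format; the sample lines below are constructed) for successful POST requests to /plugins/webConsole/lib/index.php, since only a POST reaches the RPC Execute() path while a GET merely loads the console page, and counts those calls per source address.

```python
import re
from collections import Counter

# Constructed sample access-log lines in combined log format (not from the page).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:12:00:01 +0000] "GET /index.php?explorer/list HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:12:00:05 +0000] "POST /plugins/webConsole/lib/index.php HTTP/1.1" 200 188 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:12:00:09 +0000] "POST /plugins/webConsole/lib/index.php HTTP/1.1" 200 204 "-" "Mozilla/5.0"
198.51.100.4 - - [10/May/2024:12:01:00 +0000] "GET /plugins/webConsole/lib/index.php HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
"""

# Minimal combined-log-format parser: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Entry point of the WebConsole plugin as identified in the write-up.
WEBCONSOLE_ROUTE = "/plugins/webConsole/lib/index.php"


def parse_line(line):
    """Parse one access-log line; return a dict or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def find_console_posts(log_text):
    """Return parsed entries for successful POST requests to the WebConsole route."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        path = entry["path"].split("?", 1)[0]  # drop any query string
        if entry["method"] == "POST" and path.lower() == WEBCONSOLE_ROUTE.lower() and entry["status"] == 200:
            hits.append(entry)
    return hits


def posts_by_source(log_text):
    """Count WebConsole RPC calls per client address."""
    return Counter(hit["ip"] for hit in find_console_posts(log_text))


if __name__ == "__main__":
    for ip, count in posts_by_source(SAMPLE_LOG).items():
        print(f"{ip}: {count} WebConsole RPC call(s)")
```

Feed a real access log into posts_by_source() and review any source that issues RPC calls to this route; the plugin should not be reachable for accounts that do not need shell access.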