Difference between revisions of "CVE-2018-20129 dedecmsV5.7 SP2 前台文件上傳漏洞/zh-cn"
From PwnWiki
(Created page with "CVE-2018-20129 dedecmsV5.7 SP2 前台文件上传漏洞") |
(Created page with "修改文件名为content-type,即可返回webshell地址") |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
==漏洞利用== | ==漏洞利用== | ||
| − | + | 登录并进入<code>member/article\_add.php</code>发布文章,选择下面的富文本编辑器插入图片 | |
| − | |||
| − | |||
[[File:Af04d86a30794181263cad493b759731.png |700px]] | [[File:Af04d86a30794181263cad493b759731.png |700px]] | ||
| − | + | 选择webshell文件并上传抓包 | |
| − | |||
| − | |||
[[File:189e02e32f8fc9c11570e03236594d1a.png |700px]] | [[File:189e02e32f8fc9c11570e03236594d1a.png |700px]] | ||
| Line 16: | Line 12: | ||
[[File:E3fef918b39b14960583f1d4e0fcb8c0.png |700px]] | [[File:E3fef918b39b14960583f1d4e0fcb8c0.png |700px]] | ||
| − | + | 修改文件名为content-type,即可返回webshell地址 | |
| − | |||
| − | |||
[[File:3c7c9ec6b57528d6d3171b7153b5445b.png |700px]] | [[File:3c7c9ec6b57528d6d3171b7153b5445b.png |700px]] | ||
Latest revision as of 15:14, 12 July 2021
漏洞利用
登录并进入member/article\_add.php发布文章,选择下面的富文本编辑器插入图片
选择webshell文件并上传抓包
修改文件名为content-type,即可返回webshell地址
