Fannuo CMS (凡諾CMS) unauthorized access & file inclusion getshell vulnerability

From PwnWiki
Revision as of 15:41, 10 July 2021 by Pwnwiki (talk | contribs) (Created page with "==Unauthorized access==")

Unauthorized access

/fannuo/admin/cms_admin_edit.php?id=1

Adding an admin_name field to the Cookie is enough to gain unauthorized access.


File inclusion getshell

Upload an attachment in the "Add channel" section.


Use ../ to traverse directories, according to where the site root directory is located.


Home page: click the channel. The resulting URL can be connected to remotely.
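
Added example, not from the original page or from Fannuo CMS's source: one way to close both issues described above, assuming the admin pages trust the mere presence of the admin_name cookie and the channel page includes a file path stored with the channel. The names TEMPLATE_DIR, require_admin, resolve_channel_template and the admin_id session key are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical directory holding the only files a channel may include (assumption).
// Uploaded attachments must be stored outside this directory.
const TEMPLATE_DIR = __DIR__ . '/templates';

/**
 * Gate for admin pages such as cms_admin_edit.php.
 * Identity comes from server-side session state written at login,
 * never from a client-supplied admin_name cookie.
 */
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start([
            'cookie_httponly' => true,
            'cookie_samesite' => 'Strict',
            'use_strict_mode' => true,
        ]);
    }
    // admin_id is an assumed key that only the login handler sets.
    if (empty($_SESSION['admin_id'])) {
        http_response_code(403);
        exit('Forbidden');
    }
}

/**
 * Resolve a channel template name to a file inside TEMPLATE_DIR.
 * Returns null when the name escapes the directory (../ or symlink),
 * does not exist, or is not a .php template.
 */
function resolve_channel_template(string $name): ?string
{
    $base = realpath(TEMPLATE_DIR);
    $path = realpath(TEMPLATE_DIR . '/' . $name);
    if ($base === false || $path === false) {
        return null;
    }
    // Compare canonical paths: after realpath() no ../ segments remain.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return pathinfo($path, PATHINFO_EXTENSION) === 'php' ? $path : null;
}
```

Call require_admin() at the top of every script under the admin directory, and include a channel file only when resolve_channel_template() returns a non-null path.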