Search...

MACCMS PHP version break security dogs background get webshell-vulnerability warning-the black bar safety net

2012-10-28T00:00:00

ID MYHACK58:62201235337
Type myhack58
Reporter 佚名
Modified 2012-10-28T00:00:00

Description

Yesterday run into, the recording process, nothing of the content, similar to articles sure, any resemblance is certainly no coincidence（language is not so good, everyone will see: the

Conditions: 1, movie Station is maccms php version. 2, The server install a security Dog. 3, There is a background account password.

Of course the first step Baidu a bit, there are no related articles. Found previously to have a large cow made a upload of the vulnerability test fails, the estimate is the official has been fixed.

Into the background, can be found to edit the template, as shown below:

!

Path is: http://0855.tv/admin/admin_templates.php?action=edit&file=../template/default/html/art.html

Then the IE configuration: http://0855.tv/admin/admin_templates.php?action=edit&file=index.php Get:

!

This comparable that ShopEx background calendar times directory shoved more, not only can see the content, you can also edit. So, basically you can get a webshell. The content is not high. In order not to disrupt the program, 我打算在admin/version.php This file is written in the back door. http://0855.tv/admin/admin_templates.php?action=edit&file=../admin/version.php As shown in Figure:

!

Point save

!

Visit: http://0855.tv/admin/version.php security Dog tip interception:

!

Baidu look through the safe Dog PHP Malaysia, there are many, the following is commonly used:

!

[1] [2] next

JSON Vulners Source

Initial Source

{"type": "myhack58", "published": "2012-10-28T00:00:00", "reporter": "\u4f5a\u540d", "bulletinFamily": "info", "id": "MYHACK58:62201235337", "cvss": {"vector": "NONE", "score": 0.0}, "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2016-11-15T17:47:37", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-15T17:47:37", "rev": 2}, "vulnersScore": -0.1}, "lastseen": "2016-11-15T17:47:37", "viewCount": 0, "cvelist": [], "references": [], "edition": 1, "href": "http://www.myhack58.com/Article/html/3/62/2012/35337.htm", "modified": "2012-10-28T00:00:00", "title": "MACCMS PHP version break security dogs background get webshell-vulnerability warning-the black bar safety net", "description": "Yesterday run into, the recording process, nothing of the content, similar to articles sure, any resemblance is certainly no coincidence\uff08language is not so good, everyone will see: the \n\nConditions: \n1, movie Station is maccms php version. \n2, The server install a security Dog. \n3, There is a background account password. \n\nOf course the first step Baidu a bit, there are no related articles. Found previously to have a large cow made a upload of the vulnerability test fails, the estimate is the official has been fixed. \n\nInto the background, can be found to edit the template, as shown below: \n\n! [](/Article/UploadPic/2012-10/20121028135143586.jpg) \n\nPath is: \nhttp://0855.tv/admin/admin_templates.php?action=edit&file=../template/default/html/art.html \n\nThen the IE configuration: \nhttp://0855.tv/admin/admin_templates.php?action=edit&file=index.php \nGet: \n\n! [](/Article/UploadPic/2012-10/20121028135145703.jpg) \n\nThis comparable that ShopEx background calendar times directory shoved more, not only can see the content, you can also edit. \nSo, basically you can get a webshell. The content is not high. In order not to disrupt the program, \u6211\u6253\u7b97\u5728admin/version.php \nThis file is written in the back door. \nhttp://0855.tv/admin/admin_templates.php?action=edit&file=../admin/version.php \nAs shown in Figure: \n\n! [](/Article/UploadPic/2012-10/20121028135145160.jpg) \n\nPoint save \n\n! [](/Article/UploadPic/2012-10/20121028135146700.jpg) \n\nVisit: http://0855.tv/admin/version.php security Dog tip interception: \n\n! [](/Article/UploadPic/2012-10/20121028135146423.jpg) \n\nBaidu look through the safe Dog PHP Malaysia, there are many, the following is commonly used: \n\n! [](/Article/UploadPic/2012-10/20121028135146766.jpg)\n\n**[1] [[2]](<35337_2.htm>) [next](<35337_2.htm>)**\n"}