phpcms: back-end (admin panel) getshell vulnerability in multiple versions

ID MYHACK58:62201340476
Type myhack58
Reporter Anonymous
Modified 2013-09-09T00:00:00


Brief description:

Multiple versions of phpcms contain a vulnerability that lets a user of the admin back end obtain a webshell.

Detailed description:

A URL rule with static page generation enabled can be used to get a shell.

Vulnerability proof:

1. Log in to the back end and go to "Extension" → "URL rule management" → "Add a rule".

2. "URL rule name" must be set to category, "Module name" must be "content module", and "whether to generate a static" must be selected. The "URL example" can be anything (but remember it, it is used in a later step). In "URL rules", change the value to a php file name. Then click "OK".

3. Go to "Content" → "Manage fields" → "Add column".

4. Fill in the "basic types" however you like, but in "section name" enter the one-line Trojan (webshell). Remember that the Trojan's length must not exceed 30 characters.

5. Switch to "Generate HTML settings". Set "Column to generate the HTML" to "Yes", and under "URL rules" select the "URL example" you entered in URL rule management. Here it is 90sec.

6. Click OK and then "update column cache".

7. Go to "Content" → "Batch update section pages" → "Start update".

8. The address of the one-line Trojan is http://XXXXXXXX/html/xxx.php

Repair solutions:

Master hacker, you know.
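
A defensive check for the condition described above, added here as an example (it is not part of the original advisory or of phpcms): it flags static URL rules whose generated file name is not a plain HTML page, and lists script files sitting in the static output directory. The rule syntax (`{$name}` placeholders, `|` between page variants), the extension lists and the `html` directory path are assumptions.

```python
import os
import re

# Assumption: generated static pages only ever need these extensions.
ALLOWED_EXT = {"html", "htm", "shtml"}
EXEC_EXT = {"php", "php3", "php4", "php5", "phtml", "pht", "phar"}
# Assumption: rules use {$name} placeholders, "|" separates page variants.
PLACEHOLDER = re.compile(r"\{\$[^}]*\}")


def rule_is_safe(urlrule):
    """True if every variant of a static URL rule yields an allowed file name."""
    for variant in urlrule.split("|"):
        name = PLACEHOLDER.sub("x", variant.strip()).rsplit("/", 1)[-1].lower()
        parts = name.split(".")
        if len(parts) < 2 or parts[-1] not in ALLOWED_EXT:
            return False
        if any(p in EXEC_EXT for p in parts[1:]):  # e.g. "a.php.html"
            return False
    return True


def find_script_files(static_root):
    """List files under the static output directory that look like PHP."""
    hits = []
    for dirpath, _dirs, files in os.walk(static_root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            by_name = any(p in EXEC_EXT for p in fname.lower().split(".")[1:])
            with open(full, "rb") as fh:
                by_body = b"<?php" in fh.read(65536).lower()
            if by_name or by_body:
                hits.append(full)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample rules, not taken from a real installation.
    samples = [
        "{$categorydir}{$catdir}/index.html|{$categorydir}{$catdir}/{$page}.html",
        "xxx.php",
    ]
    for rule in samples:
        print("ok  " if rule_is_safe(rule) else "FLAG", rule)
    # "html" is a hypothetical path to the site's static output directory.
    if os.path.isdir("html"):
        for path in find_script_files("html"):
            print("script in static dir:", path)
```

Independently of this check, configuring the web server so that nothing under the static output directory is passed to the PHP handler keeps a stray script there from executing.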