Whitney Walton Internet behavior management system Getshell without login-bug warning-the black bar safety net

2015-06-13T00:00:00
ID MYHACK58:62201563565
Type myhack58
Reporter 佚名
Modified 2015-06-13T00:00:00

Description

This set of system after login, the vulnerability of many shallow dug several no sign of vulnerability here to submit an getshell it.

Detailed description:

Vulnerability file: base/sys/tcpdump.php

code area

<? php

exec($_REQUEST['bpf']." -w /tmp/dumpfiles/".$ nowtime.". pcap");

echo $_REQUEST['bpf']." -w /tmp/dumpfiles/".$ nowtime.". pcap";

?>

The vulnerability is simple, direct command execution getshell, exp not attached, write to test the code area.

Vulnerability proof:

Use google to search for a few cases:

  1. https://angelic. com. cn

  2. http://222.223.56.116

  3. https://test. bescar. com

  4. https://222.92.15.100

  5. http://mail. hualiu. cc

Attached 2 example used as proof of, the specific use of the method, see test code area:

1. http://222.223.56.116/base/wooyun.php

! QQ20150310-5@2x.png

2. https://angelic.com.cn/base/wooyun.php

! QQ20150310-6@2x.png