Whitney Walton Internet behavior management system: getshell without login

ID MYHACK58:62201563565
Type myhack58
Reporter Anonymous
Modified 2015-06-13T00:00:00


This system has many vulnerabilities once logged in. A shallow dig also turned up several that need no login; one that gives a shell is submitted here.

Detailed description:

Vulnerability file: base/sys/tcpdump.php

code area

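<?php

// Vulnerable as shipped: the request parameter 'bpf' is concatenated into the
// command line with no login check and no escaping.
exec($_REQUEST['bpf']." -w /tmp/dumpfiles/".$nowtime.".pcap");

echo $_REQUEST['bpf']." -w /tmp/dumpfiles/".$nowtime.".pcap";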


The vulnerability is simple: direct command execution that yields a shell. The exploit is not attached here; it is written in the test code area.
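A hardened form of the call shown above, as an added example that is not the vendor's code or part of the original report. The tcpdump path, the `$_SESSION['admin']` login marker, the packet limit and the function names are assumptions made for illustration.

```php
<?php
// Added example, not the vendor's code. Assumptions: tcpdump is at
// /usr/sbin/tcpdump, a logged-in admin is marked by $_SESSION['admin'],
// and 'bpf' is meant to carry only a capture filter.
const TCPDUMP  = '/usr/sbin/tcpdump';
const DUMP_DIR = '/tmp/dumpfiles';   // directory used on the page

/** Return the trimmed filter if it is acceptable, otherwise null. */
function validate_bpf(string $bpf): ?string
{
    $bpf = trim($bpf);
    if ($bpf === '' || strlen($bpf) > 256) {
        return null;
    }
    // Allowlist: words, numbers, addresses and simple BPF punctuation only.
    if (!preg_match('/\A[A-Za-z0-9 .:\/\[\]()=!-]+\z/', $bpf)) {
        return null;
    }
    // A leading '-' would be parsed by tcpdump as an option.
    return $bpf[0] === '-' ? null : $bpf;
}

/** Run a bounded capture; the filter is one argv element, never shell text. */
function run_capture(string $filter): int
{
    $out  = DUMP_DIR . '/' . date('YmdHis') . '.pcap';
    $argv = [TCPDUMP, '-c', '1000', '-w', $out, $filter];
    $null = ['file', '/dev/null', 'w'];
    // Array form (PHP >= 7.4) executes the binary directly, with no shell.
    $proc = proc_open($argv, [1 => $null, 2 => $null], $pipes);
    return is_resource($proc) ? proc_close($proc) : -1;
}

if (PHP_SAPI !== 'cli') {
    session_start();
    if (empty($_SESSION['admin'])) { http_response_code(403); exit; }
    $raw    = $_POST['bpf'] ?? '';
    $filter = is_string($raw) ? validate_bpf($raw) : null;
    if ($filter === null) { http_response_code(400); exit('invalid filter'); }
    run_capture($filter);
    // The original echoed the raw parameter; escape before reflecting it.
    echo htmlspecialchars($filter, ENT_QUOTES, 'UTF-8');
} else {
    // Constructed sample inputs for a command-line check of the validator.
    foreach (['host 10.0.0.5 and port 443', 'port 80; id', '-c 1'] as $s) {
        printf("%-28s %s\n", $s, validate_bpf($s) === null ? 'rejected' : 'accepted');
    }
}
```

Run from the command line, the script only exercises the validator: the first sample is accepted and the other two are rejected.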

Vulnerability proof:

A Google search turns up a few cases:

  1. https://angelic. com. cn


  3. https://test. bescar. com


  5. http://mail. hualiu. cc

Two examples are attached as proof; for the specific method of use, see the test code area:


[Screenshot: QQ20150310-5@2x.png]

2. https://angelic.com.cn/base/wooyun.php

[Screenshot: QQ20150310-6@2x.png]