Espcms加密函数缺陷导致getshell

简要描述： espcms的加解密函数设计存在缺陷，可还原key并伪造cookie登陆后台getshell 详细说明： 程序的加解密函数存在缺陷，可以通过明文和密文逆向还原密钥 后台登陆处没有有效验证cookie有效性导致攻击者可以通过伪造cookie登陆后台 后台可以上传shell 下面一步一步来看 首先是加解密函数eccode function eccode$string, $operation = 'DECODE', $key = '@LFK24s224%@safS3s%1f%', $mcrype = true $result = null; if $operation ==...

ESPCMS 0day vulnerability analysis-vulnerability warning-the black bar safety net

Publishing author:★black kid★ Affected versions: unknown Official website: http://www.ecisp.cn Vulnerability type: COOKIES cheat Vulnerability description: made of COOKIES after the Modify to deceive, into the background upload in jpg structure Getshell it. Code analysis: function...