qibo (all products): CSRF + stored XSS + recovering the plaintext account and password to enter the admin backend + successful getshell

2015-03-20T00:00:00
ID SSV:94179
Type seebug
Reporter Root
Modified 2015-03-20T00:00:00

Description

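Brief description:

CSRF + XSS + successful getshell, using the whole-site system as the example.

Detailed description:

The admin backend has no CSRF protection. First, look at the global filtering. The include chain for the global filter is admin/index.php -> admin/global.php -> inc/common.inc.php; this is the key part.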


<img src="https://images.seebug.org/upload/201503/1710170356b598721575f7266518d6035df50bb2.png" alt="11.png" width="600">

cookie=VGxWUVoIVz5QVwAGBlVQXFYABQRVUQJTAlVdWwMCA1RRBA8FBgdaBA==638eb521ba

mymd5('VGxWUVoIVz5QVwAGBlVQXFYABQRVUQJTAlVdWwMCA1RRBA8FBgdaBA==638eb521ba','127.0.0.1') returns:

<img src="https://images.seebug.org/upload/201503/17101728153d3ecab1535378a79c9e5bdc8c85d8.png" alt="10.png" width="600">

The password is MD5-encrypted and decrypts to admin. The username is the second parameter of passport: admin.