Home > php教程 > php手册 > Discuz! X upgrade/converter GETSHELL Vulnerability Via /conv

Discuz! X upgrade/converter GETSHELL Vulnerability Via /conv

WBOY
Release: 2016-06-06 19:48:01
Original
947 people have browsed it

目录 1 . 漏洞描述 2 . 漏洞触发条件 3 . 漏洞影响范围 4 . 漏洞代码分析 5 . 防御方法 6 . 攻防思考 1. 漏洞描述 对于PHP应用来说,处于用户的输入并正确划定"数据-代码"边界是十分重要的,黑客常用的攻击思路是在输入数据中注入"定界符(格式视具体场景而定

目录

<span>1</span><span>. 漏洞描述
</span><span>2</span><span>. 漏洞触发条件
</span><span>3</span><span>. 漏洞影响范围
</span><span>4</span><span>. 漏洞代码分析
</span><span>5</span><span>. 防御方法
</span><span>6</span>. 攻防思考
Copy after login

 

1. 漏洞描述

对于PHP应用来说,处于用户的输入并正确划定"数据-代码"边界是十分重要的,黑客常用的攻击思路是在输入数据中注入"定界符(格式视具体场景而定)",从而将输入的数据转换为可被目标系统执行的代码,以此达到代码注入执行的目的。
这个的漏洞的根源在代码注释(输入数据)中出现换行(定界符),导致代码注入执行

Relevant Link:

http:<span>//</span><span>p2j.cn/?p=357</span>
http:<span>//</span><span>loudong.360.cn/blog/view/id/15</span>
http:<span>//</span><span>www.2cto.com/Article/201402/278766.html</span>
http:<span>//</span><span>drops.wooyun.org/papers/929</span>
Copy after login


2. 漏洞触发条件

<span>1</span>. /convert/include/<span>global</span><span>.func.php未对用户的输入数据进行有效过滤(非数字、字母、下划线不能存在)
</span><span>2</span>. /convert/data/config.inc.php目录可写
Copy after login

0x1: 手工利用方式

http://localhost/discuz/utility/convert/index.php

Discuz! X upgrade/converter GETSHELL Vulnerability Via /conv

http://localhost/discuz/utility/convert/index.php?a=config&source=d7.2_x2.0

Discuz! X upgrade/converter GETSHELL Vulnerability Via /conv

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Recommendations
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template