admin/Penetration_Testing_POC
1
0
Fork 0
mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2025-06-20 09:50:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

add WDJACMS1.5.2模板注入漏洞.md

Browse Source
This commit is contained in:
mr-xn 2020-01-03 11:10:59 +08:00
parent 410b298aed
commit 7fec357f5c
3 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -99,6 +99,7 @@
- [CVE-2019-19844-Django重置密码漏洞(受影响版本:Django master branch,Django 3.0,Django 2.2,Django 1.11)](https://github.com/ryu22e/django_cve_2019_19844_poc/) - [CVE-2019-19844-Django重置密码漏洞(受影响版本:Django master branch,Django 3.0,Django 2.2,Django 1.11)](https://github.com/ryu22e/django_cve_2019_19844_poc/)
- [CVE-2019-17556-unsafe-deserialization-in-apache-olingo(Apache Olingo反序列化漏洞影响: 4.0.0版本至4.6.0版本)](https://medium.com/bugbountywriteup/cve-2019-17556-unsafe-deserialization-in-apache-olingo-8ebb41b66817) - [CVE-2019-17556-unsafe-deserialization-in-apache-olingo(Apache Olingo反序列化漏洞影响: 4.0.0版本至4.6.0版本)](https://medium.com/bugbountywriteup/cve-2019-17556-unsafe-deserialization-in-apache-olingo-8ebb41b66817)
- [ZZCMS201910 SQL Injections](./ZZCMS201910%20SQL%20Injections.md) - [ZZCMS201910 SQL Injections](./ZZCMS201910%20SQL%20Injections.md)
- [WDJACMS1.5.2模板注入漏洞](./WDJACMS1.5.2模板注入漏洞.md)
## 提权辅助相关 ## 提权辅助相关

11
WDJACMS1.5.2模板注入漏洞.md Normal file
View File

@ -0,0 +1,11 @@
## WDJACMS1.5.2模板注入漏洞
### 根据官网啊的漏洞公告和GitHub提交记录对比
[WDJA1.5.2漏洞公告](https://www.wdja.cn/news/?type=detail&id=3):
在会员中心的地址管理中添加地址未进行过滤,会造成任意文件写入漏洞.
[github提交记录](https://github.com/shadoweb/wdja/commit/eda57d4b803da920d0569eafd9abbddecb73ae65):
可以看到注意改动文件为`php/passport/address/common/incfiles/manage_config.inc.php``php/passport/address/common/incfiles/module_config.inc.php` 文件都加了 `ii_htmlencode`函数进行过滤。
### 审计流程大致可以看这里(来自合天智汇公众号作者-Xiaoleung)[WDJA1.5.2网站内容管理系统模板注入漏洞](%E3%80%90%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E3%80%91WDJA1.5.2%E7%BD%91%E7%AB%99%E5%86%85%E5%AE%B9%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%E6%A8%A1%E6%9D%BF%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.pdf)

BIN
books/【代码审计】WDJA1.5.2网站内容管理系统模板注入漏洞.pdf Normal file
View File

Binary file not shown.