6257rv7 posted on 2024-10-3 09:31:21

[Vulnerability Reproduction] CVE-2024-33752 emlog admin plugin arbitrary file upload


    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">I am not the original author of this vulnerability; this article is for knowledge sharing only</strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">Any consequences arising directly or indirectly from this article have nothing to do with me</strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">If this infringes any rights, contact me and it will be deleted</strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">Project overview</strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">emlog is a powerful blog and CMS site-building system based on PHP and MySQL, aiming for a fast, stable, simple and comfortable site-building experience.</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Development language: PHP</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Project address: https://www.emlog.net/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/DT3jlATYvfgxG6gZ10TEQu9LYHSiaufeGYf1x8tzyQZBRh28wo5k3Tpl0iadibOE555DT03u873z87FAoO1yzxMgw/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">Cyberspace mapping</strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Follow the official account and reply "20240520" to get the cyberspace-mapping query</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">Vulnerability description</strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">An arbitrary file upload vulnerability exists in admin/views/plugin.php in emlog pro 2.3.0 and pro 2.3.2. A remote attacker can exploit it by submitting a specially crafted request that uploads a malicious file, in order to execute arbitrary code.</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">Affected versions</strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">All latest versions</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">Vulnerability verification</strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1. Build the plugin zip (the zip must contain a folder).</p>

    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/DT3jlATYvfgxG6gZ10TEQu9LYHSiaufeG3LTQbNpo8awTpdI0xDEac57PUkv6rWa7NMMD8ibXIFKbCQRT0ZRiavXg/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">2. Click "Plugins - Install plugin - Choose file" and upload the prepared zip file.</p>

    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/DT3jlATYvfgxG6gZ10TEQu9LYHSiaufeGesR74D0dWIia4VqXGvTuOmnniaFT1cPzs6YuicTeYI1d7fd53Eic8h78hw/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">3. Then visit the link below; the shell is obtained successfully.</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">http://192.168.243.175/content/plugins/test/test.php</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/DT3jlATYvfgxG6gZ10TEQu9LYHSiaufeGq2s7PoC0EnicTAWiblKUxeCcS2KgrkWPt7hsR7kOCicPbQt1oRQsalB9A/640?wx_fmt=png&amp;from=appmsg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">Reference links</strong></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">https://nvd.nist.gov/vuln/detail/CVE-2024-33752</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">https://github.com/ssteveez/emlog/blob/main/emlog%20pro%202.3.4%20has%20RCE%20caused%20by%20the%20zip%20decompression%20function%20when%20installing%20plugins.md</p>
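A detection sketch for the last step of the post above, added here as an example and not part of the original post or of emlog: it scans web access logs for successful direct requests to PHP files under /content/plugins/ whose plugin directory is not in a known-installed baseline. The log lines are constructed samples, and the baseline set {"tips"} and the function name are assumptions for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [03/Oct/2024:09:40:01 +0800] "GET /content/plugins/tips/tips.css HTTP/1.1" 200 512
198.51.100.7 - - [03/Oct/2024:09:41:12 +0800] "GET /content/plugins/test/test.php HTTP/1.1" 200 48
203.0.113.9 - - [03/Oct/2024:09:42:30 +0800] "POST /content/plugins/test/test.php?x=1 HTTP/1.1" 200 1033
203.0.113.9 - - [03/Oct/2024:09:43:00 +0800] "GET /content/plugins/tips/tips.php HTTP/1.1" 200 20
203.0.113.9 - - [03/Oct/2024:09:44:00 +0800] "GET /content/plugins/ghost/a.php HTTP/1.1" 404 0
"""

# Hypothetical baseline: plugin directories the administrator knows are installed.
KNOWN_PLUGINS = {"tips"}

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# A PHP script anywhere below /content/plugins/<dir>/, including path-info suffixes.
PLUGIN_PHP_RE = re.compile(r'^/content/plugins/([^/]+)/.*\.php(?:/|$)', re.I)


def find_unbaselined_plugin_php(log_text, known_plugins):
    """Return successful requests to PHP files in plugin dirs outside the baseline."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, when, method, target, status = m.groups()
        # Drop the query string, decode %xx, and collapse ./ ../ and // segments.
        raw_path = unquote(urlsplit(target).path)
        path = posixpath.normpath("/" + raw_path.lstrip("/"))
        pm = PLUGIN_PHP_RE.match(path)
        if not pm or int(status) >= 400:
            continue  # not a plugin PHP path, or the file was not served
        if pm.group(1).lower() in known_plugins:
            continue  # directory is part of the reviewed baseline
        hits.append({"client": client, "time": when, "method": method,
                     "path": path, "plugin_dir": pm.group(1)})
    return hits


if __name__ == "__main__":
    for hit in find_unbaselined_plugin_php(SAMPLE_LOG, KNOWN_PLUGINS):
        print(hit["time"], hit["client"], hit["method"], hit["path"])
```

Each hit should be correlated with the admin session that installed the plugin directory and with the file's creation time on disk.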




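7wu1wm0 posted on 2024-10-4 05:13:48

Looking forward to more of your great comments; let's exchange ideas and learn together.

nykek5i posted on 2024-10-13 19:33:08

This article really benefited me a great deal, external link posting, thanks for sharing!

qzmjef posted on 2024-10-19 09:21:03

A website where you can post external links http://www.fok120.com/

nykek5i posted on 2024-10-27 08:50:09

I deeply feel your understanding and resonance; may the conversation flow on.

1fy07h posted on 2024-11-13 05:22:19

On this question, I have a different view...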