How I Code-Audited My Way into the emlog Admin Panel
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_gif/5ZACCn1bWEwP6RDYXx1reHOJJGVrgZYEicOE2xI7d0bN8W4mxfQy44HONPVskXOrGMO1BjlGHUtDftUXZ1nLicTg/640?wx_fmt=gif&tp=webp&wxfrom=5&wx_lazy=1" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Background:<img src="https://mmbiz.qpic.cn/mmbiz_gif/5ZACCn1bWExlAvsDibhuZVZaMI59vYJZ087Lxv2D8tP4n8TSXaTuHI2icfleIdKb3HeTrf1ZZ0jXnWmPPWetSOPQ/640?wx_fmt=gif&tp=webp&wxfrom=5&wx_lazy=1" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">A friend told me that a resource site had published a cracked version of his original software. He emailed the webmaster about the infringement, but the webmaster ignored him. With no other option he filed a complaint against the site, but lost because the software had neither a patent nor a registered copyright.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Analysing this resource site:<img src="https://mmbiz.qpic.cn/mmbiz_gif/5ZACCn1bWExlAvsDibhuZVZaMI59vYJZ087Lxv2D8tP4n8TSXaTuHI2icfleIdKb3HeTrf1ZZ0jXnWmPPWetSOPQ/640?wx_fmt=gif&tp=webp&wxfrom=5&wx_lazy=1" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/5ZACCn1bWExlAvsDibhuZVZaMI59vYJZ0jhibrQFM93FvrxKvZdyCXiaYLpj2FXenGRNWWibDOhDqL1WFJIl3mAZDQ/640?wx_fmt=png&tp=webp&wxfrom=5&wx_lazy=1&wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">After looking carefully I noticed the resource site looked a lot like an emlog install, so I appended "/t" to the site's domain (domain/t is where emlog's 微语 (micro-blog) feature lives; I added it to confirm).</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/5ZACCn1bWExlAvsDibhuZVZaMI59vYJZ0ibseTFRpkvQgJKvOJnE5cnvlscLU0zL2l14JbaJDCwzxo2fq7EWBN8Q/640?wx_fmt=png&tp=webp&wxfrom=5&wx_lazy=1&wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">It returned “抱歉,微语未开启前台访问!” (Sorry, 微语 is not open to front-end access!). Sure enough, it is emlog!</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Starting the code audit</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Next I pressed F12 to inspect the page elements and find out the folder name of its emlog template.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/5ZACCn1bWExlAvsDibhuZVZaMI59vYJZ0hzT1CKSSe3JSThlsibuaJVBl53EPO3fcf5SDq3aWkVibSz4Fql3rE6YQ/640?wx_fmt=png&tp=webp&wxfrom=5&wx_lazy=1&wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">You can see that in /templates/fxw_9***.com the part fxw_9***.com is the template name, so I tried my luck with a search engine to see whether this template could be found.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/5ZACCn1bWExlAvsDibhuZVZaMI59vYJZ03LKENbjC2yZg00uF5pR6naTH6zDHWIJXnRRboITV2v8gplS26pJoEg/640?wx_fmt=png&tp=webp&wxfrom=5&wx_lazy=1&wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Using the template name together with keywords such as emlog, I found the template's order page (PS: judging by how many backlinks there are, this resource site is using a template that is in wide circulation).</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/5ZACCn1bWExlAvsDibhuZVZaMI59vYJZ03avXDtbQTJgbVLOSOib0YCtesGLib0IjKYh9icuUsMJDyBCiaqDHvEBbvA/640?wx_fmt=png&tp=webp&wxfrom=5&wx_lazy=1&wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">After downloading it I looked at the layout: it was almost identical to the target site! Then I started the code audit.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">In the end I found that the comment section has an XSS injection vulnerability.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/5ZACCn1bWExlAvsDibhuZVZaMI59vYJZ08oDCnuTPQDGv39UNMNu6lUWGWLz9qsAO5QvjDfrMmelffBS9aWhOxQ/640?wx_fmt=png&tp=webp&wxfrom=5&wx_lazy=1&wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">But there turned out to be URL blocking... that is, if your comment contains a link, the link text is automatically replaced with "【网址屏蔽】" (URL blocked).</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/5ZACCn1bWExlAvsDibhuZVZaMI59vYJZ0ckIMHFUiaV0AXiaAx0UfRww17rB9goia8Mj9ia5LNdj58r8xNAuCib5ppag/640?wx_fmt=png&tp=webp&wxfrom=5&wx_lazy=1&wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">In the end I used Burp Suite to modify the POST request after submission and sent the comment request that way.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Starting the penetration:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">After posting the XSS code as a comment, the administrator's back-end cookies were captured when the comment was viewed in the management panel, and I used those cookies to log in to the admin panel.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/5ZACCn1bWExlAvsDibhuZVZaMI59vYJZ0NtO2NWP97QVMhgzv4pUNSbQVSjf9vFh3ibkD8QIPzAzZvyYqNw0mlaQ/640?wx_fmt=png&tp=webp&wxfrom=5&wx_lazy=1&wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
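<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The comment filter described above was defeated simply by replaying a modified POST, which only works when the filtering happens in the browser. As an added defensive illustration (not emlog's code and not from the original post), the following applies the same link blocking server-side, HTML-escapes the body so a stored comment cannot run in the admin panel, audits already-stored rows for injection attempts, and marks the admin session cookie HttpOnly. The notice string is the one the page shows; the cookie name and the sample rows are constructed.</p>

```python
import html
import re

# Notice string the site substitutes for links (from the page); the rest is an
# illustrative server-side defence, not emlog's own code.
URL_BLOCKED_NOTICE = "【网址屏蔽】"
_URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)

# Ordered hints of script injection in a comment body; the first hit is reported.
_XSS_HINTS = [
    ("script-tag", re.compile(r"<\s*script\b", re.IGNORECASE)),
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)),
    ("javascript-uri", re.compile(r"javascript\s*:", re.IGNORECASE)),
    ("active-element", re.compile(r"<\s*(?:img|svg|iframe|object|embed)\b", re.IGNORECASE)),
]


def block_urls(text: str) -> str:
    """Server-side copy of the link filter: every URL becomes the notice string."""
    return _URL_RE.sub(URL_BLOCKED_NOTICE, text)


def sanitize_comment(raw: str) -> str:
    """Neutralise the comment on the server, so a replayed POST gets the same treatment:
    block links first, then HTML-escape everything so tags render as literal text."""
    return html.escape(block_urls(raw), quote=True)


def classify_xss(text: str):
    """Name of the first injection hint found in text, or None."""
    for name, pattern in _XSS_HINTS:
        if pattern.search(text):
            return name
    return None


def audit_comments(rows):
    """Scan stored (comment_id, body) rows for injection attempts already saved."""
    return [(cid, classify_xss(body)) for cid, body in rows if classify_xss(body)]


def admin_session_cookie(session_id: str) -> str:
    """Set-Cookie value for the admin session (cookie name is a placeholder, not
    emlog's); HttpOnly keeps it unreadable from injected script."""
    return f"admin_sid={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"


# Constructed sample rows: a clean comment, a link, and the classic test payload.
SAMPLE_COMMENTS = [
    (101, "Nice theme, thanks for sharing!"),
    (102, "Mirror here: http://example.invalid/crack.zip"),
    (103, "<img src=x onerror=alert(document.cookie)>"),
]
```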
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Then I moved on to getting a shell. I noticed that the two upload features, templates and plugins, might allow uploading a shell.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/5ZACCn1bWExlAvsDibhuZVZaMI59vYJZ0wYj9BuZof6REHhjbuOUyviacj8uKUpWVlOvhTDSnkGic3T8dmq9utNww/640?wx_fmt=png&tp=webp&wxfrom=5&wx_lazy=1&wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The result... the template package did not meet the standard. It turns out emlog does not blindly accept an archive and extract it into /content/templates/.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">So I downloaded a standard template package from the official emlog site and added a one-liner webshell (一句话木马) to it.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/5ZACCn1bWExlAvsDibhuZVZaMI59vYJZ0p321jUzU3xic2kqRLHjicjteYmYkLRQcicaPK32tl9lYPBDHxrb9BZa9A/640?wx_fmt=png&tp=webp&wxfrom=5&wx_lazy=1&wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">This time it passed the check and the template was uploaded!</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Then in 菜刀 (China Chopper) I added http://&lt;domain&gt;/content/templates/&lt;template folder name&gt;/&lt;one-liner file name&gt;.php</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_png/5ZACCn1bWExlAvsDibhuZVZaMI59vYJZ0B0UhYorC36VWYkkjHkPlNj0exPDNibklodRs7G7iaeWBw8jLaMjnq2dg/640?wx_fmt=png&tp=webp&wxfrom=5&wx_lazy=1&wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">This resource site's server didn't even have a web application firewall; a single one-liner went straight in, so I didn't need to bother with a Safedog (安全狗) bypass.<img src="https://mmbiz.qpic.cn/mmbiz_gif/5ZACCn1bWExlAvsDibhuZVZaMI59vYJZ07ic2YNyo5Lq8CA488cAAq0Bxrz4t4fSIRicE61Unu6eFLic5d32552OMA/640?wx_fmt=gif&tp=webp&wxfrom=5&wx_lazy=1" style="width: 50%; margin-bottom: 20px;"></p>
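<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">emlog's package check above only validated the archive's structure, so a legitimate theme with one extra PHP file passed. As an added defensive illustration (not emlog's validator and not from the original post), the following scanner inspects a theme archive before extraction: it rejects paths that escape the target directory, allows only expected file types, and flags PHP files that pass request input into eval-style calls. The sample archive and its file contents are constructed for the demo.</p>

```python
import io
import posixpath
import re
import zipfile

# Illustrative check for the template-upload step, not emlog's own validator.
# Themes are PHP, so PHP cannot be banned outright; instead flag what the PHP does.
DANGEROUS_CALL = re.compile(
    r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open|create_function)\s*\(",
    re.IGNORECASE,
)
REQUEST_INPUT = re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE)\b")  # command source of a webshell
ALLOWED_EXT = {".php", ".css", ".js", ".html", ".txt", ".png", ".jpg", ".jpeg", ".gif", ".svg", ".woff"}


def scan_template_zip(data: bytes) -> list:
    """Return a list of findings for a theme archive; an empty list means it may be extracted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.endswith("/"):
                continue
            parts = name.replace("\\", "/").split("/")
            if name.startswith("/") or ".." in parts:  # zip-slip out of /content/templates/
                findings.append(f"{name}: unsafe path")
                continue
            ext = posixpath.splitext(name)[1].lower()
            if ext not in ALLOWED_EXT:
                findings.append(f"{name}: disallowed file type {ext or '(none)'}")
                continue
            if ext != ".php":
                continue
            src = zf.read(info).decode("utf-8", errors="replace")
            calls = sorted({m.group(1).lower() for m in DANGEROUS_CALL.finditer(src)})
            if calls:
                findings.append(f"{name}: calls {', '.join(calls)}")
            if calls and REQUEST_INPUT.search(src):
                findings.append(f"{name}: dangerous call fed by request input (webshell pattern)")
    return findings


def build_sample_template(with_backdoor: bool) -> bytes:
    """Constructed sample theme archive; file names and contents are made up for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mytheme/header.php", "<?php if (!defined('EMLOG_ROOT')) { exit('error!'); } ?>\n<title><?php echo $blogname; ?></title>")
        zf.writestr("mytheme/main.css", "body { margin: 0; }")
        if with_backdoor:  # the planted one-liner the scanner must catch
            zf.writestr("mytheme/cache.php", "<?php @eval($_POST['c']); ?>")
    return buf.getvalue()
```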
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_gif/5ZACCn1bWEyV1xvApsBJHLOxfIxbKOCyf6pSwHic8ictKFddxRKaGA4gpWeNvNwzVibUiaJBInYFXJTNGlOoYsHWPg/640?wx_fmt=gif&tp=webp&wxfrom=5&wx_lazy=1" style="width: 50%; margin-bottom: 20px;"></p>
Seeing the OP's energy, I feel the OP is a fellow flooder in this community. Your views are unique and I've learned a lot from them, thank you very much.