P***OK全版本前台无条件RCE

Security Classification: 【C-1】 | Publish Time:2024-09-25 | Category:Old Posts | Edit
Old Version | Diff |
Expiry Notice: The article was published three months ago. Please independently assess the validity of the technical methods and code mentioned within. :)

AI Summary: 本文通过代码审计发现了一个SQL注入漏洞，利用可控的content-type字段插入恶意SQL语句，并覆盖序列化数据，最终实现RCE。构造了一个特定的gadget类，通过反序列化触发文件写入，生成webshell。利用此方法可以通过id获取shell，实现远程代码执行。 --- (From Model:gpt-4o-mini-2024-07-18)

© Copyright: This article is an original work and the copyright belongs to the  Depy's docs  unless marked as Reproduced

Please contact the blogger for authorization to reprint