Destoon最新 V5.0-UTF8 正式版命令执行漏洞(后台)

发布: 2025-04-13
修订: 2025-04-13

### 简要描述:

同标题：Destoon V5.0-UTF8 后台存在一处命令执行漏洞。

### 详细说明:

后台一处命令执行漏洞，可被用于添加系统账户。漏洞位于 admin/tag.inc.php 的 `preview` 分支：提交的 `$tag_code` 仅经过 stripslashes 和几处字符串替换处理，随后被直接传入 eval() 执行，其内容未经任何白名单或语法限制，因此拥有后台权限者可在服务器上执行任意 PHP 代码。

```php
case 'preview': $db->halt = 0; $destoon_task = ''; if($tag_css) $tag_css = stripslashes($tag_css); if($tag_html_s) $tag_html_s = stripslashes($tag_html_s); if($tag_html_e) $tag_html_e = stripslashes($tag_html_e); if($tag_code) $tag_code = stripslashes($tag_code); if($tag_js) $tag_js = stripslashes($tag_js); $code_eval = $code_call = $code_html = ''; if($tag_css) $code_eval .= '<style type="text/css">'."\n".''.$tag_css.''."\n".'</style>'."\n"; if($tag_html_s) $code_eval .= $tag_html_s."\n"; $code_call = $code_eval; $code_call .= $tag_code."\n"; $tag_code = str_replace('<!--{', '', $tag_code); $tag_code = str_replace('}-->', '', $tag_code); if(strpos($tag_code, '",') !== false) { $tag_code = str_replace(', '.$tag_expires.')', ', -1)', $tag_code); } else { $tag_code = str_replace('")', '", -1)', $tag_code); } $tag_code .= ';'; ob_start(); eval($tag_code);//eval直接执行1 $contents = ob_get_contents(); ob_clean();...
```
