phpcmsv9.0任意上传漏洞

漏洞存在地址&＃xff1a;
burp抓包

POST /phpcms_v9.6.0_UTF8/install_package/index.php?m&＃61;member&c&＃61;index&a&＃61;register&siteid&＃61;1 HTTP/1.1
Host: 192.168.0.109
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
Accept: text/html,application/xhtml&＃43;xml,application/xml;q&＃61;0.9,image/webp,*/*;q&＃61;0.8
Accept-Language: zh-CN,zh;q&＃61;0.8,zh-TW;q&＃61;0.7,zh-HK;q&＃61;0.5,en-US;q&＃61;0.3,en;q&＃61;0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 247
Origin: http://192.168.0.109
Connection: close
Referer: http://192.168.0.109/phpcms_v9.6.0_UTF8/install_package/index.php?m&＃61;member&c&＃61;index&a&＃61;register&siteid&＃61;1
COOKIE: BZPxi_admin_username&＃61;3c62twnYfytEvLt8KAd4HoO3kdHtttT6YXOREuT95BX6SHY; BZPxi_siteid&＃61;e8bfXf6LxOILiaUtAs9WT_bIplHA8QgH8yZmz68o; BZPxi_userid&＃61;3c5f4RSWHzHA1b7a11ZVB0C_LbQ5_jrBWX46bNPN; BZPxi_admin_email&＃61;dcdafmB5jDj3Tx_l_n4dKucPVcAwF6g5RLnABwTJBTpC0_Tj9ox69Iw5T-8M; BZPxi_sys_lang&＃61;62feyrOBqQxmzdKLe-cftKUb-HilGwBURxidIh99Rebc8g; PHPSESSID&＃61;h63jqt845o3niq80v4pp6gm5l2
Upgrade-Insecure-Requests: 1siteid&＃61;1&modelid&＃61;10&username&＃61;1111&password&＃61;111111&pwdconfirm&＃61;111111&email&＃61;1%40qq.com&nickname&＃61;1111&info%5Bbirthday%5D&＃61;2020-10-06&dosubmit&＃61;%E5%90%8C%E6%84%8F%E6%B3%A8%E5%86%8C%E5%8D%8F%E8%AE%AE%EF%BC%8C%E6%8F%90%E4%BA%A4%E6%B3%A8%E5%86%8C&protocol&＃61;


漏洞复现

漏洞原理

学习代码审计后补上

学习链接phpcmsv9