| 제목 | PHPEMS PHPEMS 6/7 验证绕过 && RCE |
|---|
| 설명 | The encryption and decryption logic of PHPEMS Session uses a Key to encrypt and decrypt Session data. However, there are loopholes in the encryption and decryption algorithm. The key can be restored externally through calculation. By obtaining this key, you can forge data and send it to the server for deserialization. During deserialization, you can find the chain and perform SQL injection operations, thereby tampering with the database and forging an administrator session. After logging in, enable the topic module and edit the template to execute malicious code. |
|---|
| 원천 | ⚠️ https://note.zhaoj.in/share/jw4Hp9cq7T69 |
|---|
| 사용자 | glzjin (UID 59815) |
|---|
| 제출 | 2023. 12. 07. PM 07:15 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 12. 09. PM 09:40 (2 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 247357 [PHPEMS 6.x/7.x/8.x/9.0 Session Data lib/session.cls.php 권한 상승] |
|---|
| 포인트들 | 20 |
|---|