【官方悬赏】CNVD-2020-24741(悬赏等级:中)

CNVD 编号

CNVD-2020-24741

危害级别

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

影响产品

JunAMS junAMS 1.2.1.20190403

漏洞描述

JunAMS是一款以ThinkPHP为框架的开源内容管理系统。

JunAMS内容管理系统存在文件上传漏洞,攻击者可利用该漏洞上传webshell,获取服务器权限。

漏洞解决方案

厂商尚未提供漏洞修复方案,请关注厂商主页更新:
https://xiuxian.junphp.com/junams.html

悬赏时间

2020.5.12

悬赏种类

官方悬赏

悬赏问题

该漏洞具体细节

悬赏解决方式

在论坛【悬赏细节】版面对于本漏洞进行漏洞分析

悬赏积分

3 酒币

悬赏状态

待解决

2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Article.php:137:4694 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Article.php:246:9195 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->menu(); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Content.php:562:19095 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Region.php:44:1328 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Region.php:46:1514 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Region.php:73:2361 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Region.php:77:2464 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Region.php:79:2558 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Region.php:86:2891 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Role.php:171:5705 is probably vulnerable.(Trace Graph at )

应该都比较有趣

1 Like

似乎文件上传有一处:

$info = $file->validate([])->move($path);// /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Common.php:88

还有一处unlink 似乎也比较有趣:

2020-05-13 11:16:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? unlink($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Common.php:243:8418 is probably vulnerable.(Trace Graph at )