CNVD 编号
CNVD-2020-24741
危害级别
高 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
影响产品
JunAMS junAMS 1.2.1.20190403
漏洞描述
JunAMS是一款以ThinkPHP为框架的开源内容管理系统。
JunAMS内容管理系统存在文件上传漏洞,攻击者可利用该漏洞上传webshell,获取服务器权限。
漏洞解决方案
厂商尚未提供漏洞修复方案,请关注厂商主页更新:
https://xiuxian.junphp.com/junams.html
悬赏时间
2020.5.12
悬赏种类
官方悬赏
悬赏问题
该漏洞具体细节
悬赏解决方式
在论坛【悬赏细节】版面对于本漏洞进行漏洞分析
悬赏积分
3 酒币
悬赏状态
待解决
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Article.php:137:4694 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Article.php:246:9195 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->menu(); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Content.php:562:19095 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Region.php:44:1328 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Region.php:46:1514 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Region.php:73:2361 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Region.php:77:2464 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Region.php:79:2558 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Region.php:86:2891 is probably vulnerable.(Trace Graph at )
2020-05-13 10:50:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? $__ANY__->where($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Role.php:171:5705 is probably vulnerable.(Trace Graph at )
应该都比较有趣
1 个赞
似乎文件上传有一处:
$info = $file->validate([])->move($path);// /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Common.php:88
还有一处unlink 似乎也比较有趣:
2020-05-13 11:16:22 [ALRT] [php-parser/instance/condition_slover.go:42] [*] Found <? unlink($__ARG__); at /Users/maple/Downloads/php-test2/v1.2.1.20190403/application/admin/controller/Common.php:243:8418 is probably vulnerable.(Trace Graph at )