emlog个人博客系统后台存在权限提升漏洞

Basic Fields

SSV ID:: SSV-92652

Find Time:: Unknown

Submit Time:: 2017-02-03

Level:

Category:: 权限提升

Component:: EMLOG
(<=5.1.2)

Author:: Unknown

Submitter:: sebao

CVE-ID：: Add

CNNVD-ID：: Add

CNVD-ID：: CNVD-2016-12744

ZoomEye Dork：: Add

Source

http://www.cnvd.org.cn/flaw/show/CNVD-2016-12744

Detail

Contributor Got 0KB

have 0 exchange

PoC

Unavailable PoC

Reference Linking

http://www.cnvd.org.cn/flaw/show/CNVD-2016-12744

Solutions

Temp Solutions

Unavailable Temp Solutions

Official Solution

Unavailable Official solution

Defense Solutions

Unavailable Defense Solutions

All Comments (3)

SkMter 2017-02-07

导入sql文件时，貌似会报错。。
- sebao
  导入sql文件的时候会判断表前缀，把标前缀改成一致的就可以
Reply 0 0
3F
phithon 2017-02-05

这里是怎么绕过的？ $request_uri = strtolower(substr(basename($_SERVER['SCRIPT_NAME']), 0, -4)); if (ROLE == ROLE_WRITER && !in_array($request_uri, array('write_log','admin_log','attachment','blogger','comment','index','save_log'))) { emMsg('权限不足！','./'); }
- sebao
  这个漏洞利用前提条件是需要登录后台的，影响版本里面写了，可能字体太小没看清楚，我的锅～
Reply 0 0
2F
anonymous 2017-02-04

传说中的后台 getshell
Reply 0 0
1F

※Any content provided by this site, only to learn the code and services, not for illegal purposes

SkMter 2017-02-07

导入sql文件时，貌似会报错。。

sebao
导入sql文件的时候会判断表前缀，把标前缀改成一致的就可以

Reply 0 0

phithon 2017-02-05

这里是怎么绕过的？ $request_uri = strtolower(substr(basename($_SERVER['SCRIPT_NAME']), 0, -4)); if (ROLE == ROLE_WRITER && !in_array($request_uri, array('write_log','admin_log','attachment','blogger','comment','index','save_log'))) { emMsg('权限不足！','./'); }

sebao
这个漏洞利用前提条件是需要登录后台的，影响版本里面写了，可能字体太小没看清楚，我的锅～

anonymous 2017-02-04

传说中的后台 getshell

emlog个人博客系统后台存在权限提升漏洞

Basic Fields

Source

Detail

PoC

Reference Linking

Solutions

Timeline

Related Vuls

Need to bind phone before comment. Bind Now

All Comments (3)

emlog个人博客系统后台存在权限提升漏洞

Basic Fields

Source

Detail

PoC

Reference Linking

Solutions

Timeline

Related Vuls

Need to bind phone before comment. Bind Now

All Comments (3)

Hello,

Hello,