https://github.com/jiangsir404/PHP-code-audit
PHP code audit for CMS vulnerabilities / Code auditing: reproduction studies of vulnerabilities in several large CMSes, with updated source code and vulnerability exploits
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/jiangsir404/PHP-code-audit
- Owner: jiangsir404
- Created: 2017-12-24T07:47:37.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2018-12-12T09:44:50.000Z (almost 7 years ago)
- Last Synced: 2024-08-05T17:40:47.128Z (over 1 year ago)
- Language: Python
- Homepage:
- Size: 23.9 MB
- Stars: 270
- Watchers: 9
- Forks: 61
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - jiangsir404/PHP-code-audit - PHP code audit for CMS vulnerabilities / Code auditing: reproduction studies of vulnerabilities in several large CMSes, with updated source code and vulnerability exploits (Python)
README
# PHP-code-audit
php code audit for cms vulnerabilities
> A record of my own audit studies of some CMS vulnerabilities. Stars from fellow practitioners are welcome; updates are ongoing.
### seacms
- [x] [seacms v6.45, v6.54, v6.55 command execution vulnerability](https://github.com/jiangsir404/PHP-code-audit/blob/master/seacms/seacms%20%E5%A4%9A%E4%B8%AA%E7%89%88%E6%9C%AC%E7%9A%84%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%E6%80%BB%E7%BB%93(search.php).md)
### wordpress
- [x] [wordpress v4.7.5 sprintf format string injection vulnerability](https://github.com/jiangsir404/PHP-code-audit/blob/master/wordpress/wordpress%204.7.5%20sqli%E6%B3%A8%E5%85%A5%E5%88%86%E6%9E%90.md)
### phpcms
- [x] [phpcms v9.6.0 SQL injection vulnerability](https://github.com/jiangsir404/PHP-code-audit/blob/master/phpcms/phpcmsv9.6.0-sqli.md)
- [x] [phpcms v9.6.0 file upload vulnerability](https://github.com/jiangsir404/PHP-code-audit/blob/master/phpcms/phpcmsv9.6.0%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md)
- [x] [phpcms v9.6.2 SQL injection vulnerability](https://github.com/jiangsir404/PHP-code-audit/blob/master/phpcms/phpcms%20v9.6.2%20sqli%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.md)
- [x] [phpcms v9.6.1 file read vulnerability](https://github.com/jiangsir404/PHP-code-audit/blob/master/phpcms/phpcmsv9.6.1%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md)
### typecho
- [x] [typecho front-end deserialization getshell](https://github.com/jiangsir404/PHP-code-audit/blob/master/typecho/%E6%96%B0%E6%89%8B%E5%88%86%E6%9E%90typecho%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E.md)
### DedeCms
- [ ] DedeCms v5.7.72 arbitrary user password reset vulnerability
### PHPmailer
- [x] [PHPmailer command execution vulnerability (<=5.2.19)](https://github.com/jiangsir404/PHP-code-audit/blob/master/PHPmailer/PHPmailer%20%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md)
- [x] [PHPmailer arbitrary file read (<=5.2.21)](https://github.com/jiangsir404/PHP-code-audit/blob/master/PHPmailer/PHPmailer%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md)
### thinkphp
- [x] [Thinkphp5.0.x RCE vulnerability analysis](https://github.com/jiangsir404/PHP-code-audit/blob/master/thinkphp/Thinkphp5.0.x%20rce%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.pdf)
- [x] [Thinkphp5.1.x RCE vulnerability analysis](https://github.com/jiangsir404/PHP-code-audit/blob/master/thinkphp/Thinkphp5.1.x%20rce%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90.pdf)
- [x] [ThinkPHP framework security analysis](https://github.com/jiangsir404/PHP-code-audit/blob/master/thinkphp/ThinkPHP%20%E6%A1%86%E6%9E%B6%E5%AE%89%E5%85%A8%E5%9E%8B%E5%88%86%E6%9E%90.pdf)
### Yii
- [x] [Yii framework findOne findAll injection analysis (CVE-2018-7269)](https://github.com/jiangsir404/PHP-code-audit/blob/master/yii/Yii%E6%A1%86%E6%9E%B6findOne%20fineAll%20%E6%B3%A8%E5%85%A5%E5%88%86%E6%9E%90(%20CVE-2018-7269).pdf)