凡諾CMS 未授權訪問&文件包含Getshell漏洞

From PwnWiki

Revision as of 15:02, 25 June 2021 by Pwnwiki (talk | contribs) (→‎文件包含Getshell)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Other languages:

Chinese • ‎中文（繁體）‎

未授權訪問

/fannuo/admin/cms_admin_edit.php?id=1

在Cookie中增加admin_name字段即可造成未授權訪問。

文件包含Getshell

在添加頻道處上傳附件

根據網站根目錄所在位置用../進行跨目錄

首頁 - 點擊頻道，該URL可以進行遠程連接。

Retrieved from "https://pwnwiki.com/index.php?title=凡諾CMS_未授權訪問%26文件包含Getshell漏洞&oldid=5931"