Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
17 lines (14 sloc) 1.17 KB

Command Execution

Write payload at the site title The var_export function is used here The htmlspecialchars function is used below, but this function does not affect our command execution, so there is no need to consider As you can see from the previous screenshot, because var_export is used, there is no escape here. Can you really order execution? The answer is definitely yes, but it is in install.php

You can see that there is no filtering here, and the POST data is directly stored in the configuration file, thus causing the command execution or GETCHELL