| title | tags | grammar_cjkRuby | |
|---|---|---|---|
install |
|
true |
zzcms 8.2
/install/index.php
$str=str_replace("define('siteurl','".siteurl."')","define('siteurl','$url')",$str) ;
Website information leaked
The parameters here will be stored in /inc/config.php, so if I construct the corresponding statement, close the brackets, so that i can successfully perform sql injection.Due to waf reasons, only can control siteurl
Write siteurl=1');phpinfo();#
The discovery can be performed, due to the need to verify the database information before, so the use of the premise is that the install directory is not deleted, and should guess the database user name password
str Parameter result:
finally successful
