| title | tags | grammar_cjkRuby | |
|---|---|---|---|
install |
|
true |
install
Edition :
zzcms 8.2
Location
/install/index.php
Code:
$str=str_replace("define('siteurl','".siteurl."')","define('siteurl','$url')",$str) ;
Rows : 114
Harm
Website information leaked
Cause the cause
The parameters here will be stored in /inc/config.php, so if I construct the corresponding statement, close the brackets, so that i can successfully perform sql injection.Due to waf reasons, only can control siteurl
Write siteurl=1');phpinfo();#
The discovery can be performed, due to the need to verify the database information before, so the use of the premise is that the install directory is not deleted, and should guess the database user name password
poc
str Parameter result:
finally successful



