./upload/install.php 136-176
It's easy to find that when we write db's config into caches/config.php, we didn't do any filtering.
What's more, we use extract($_POST);, so we can control all variables in this page.
And this is the payload:



We can see the caches/config.php.
We visit that page.
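
One way to harden the config-writing step described in this report, shown as an added example that is not the project's own code. The field names, validation patterns and function names are assumptions, since the report does not show the code at install.php lines 136-176.

```php
<?php
// Added example, not the project's code. Field names and patterns are
// assumptions: the report does not show install.php lines 136-176.
const INSTALL_FIELDS = [
    'db_host' => '/\A[A-Za-z0-9.\-]{1,253}(:\d{1,5})?\z/',
    'db_name' => '/\A[A-Za-z0-9_]{1,64}\z/',
    'db_user' => '/\A[A-Za-z0-9_.\-]{1,32}\z/',
    'db_pass' => '/\A[^\x00-\x1F\x7F]{0,128}\z/', // no control characters
];

// Read only the allow-listed keys from the request instead of extract($_POST).
function collect_db_config(array $post): array
{
    $config = [];
    foreach (INSTALL_FIELDS as $name => $pattern) {
        $value = $post[$name] ?? '';
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            throw new InvalidArgumentException("invalid value for $name");
        }
        $config[$name] = $value;
    }
    return $config;
}

// var_export() emits a PHP literal with quotes and backslashes escaped, so a
// value stays data in the generated file whatever characters it contains.
function render_config(array $config): string
{
    return "<?php\nreturn " . var_export($config, true) . ";\n";
}

// Constructed sample input: a password with quote characters, plus an extra
// key that extract() would have turned into a variable.
$post = [
    'db_host' => 'localhost',
    'db_name' => 'cms',
    'db_user' => 'cms_user',
    'db_pass' => "p'a\"ss\\word",
    'config_path' => '/tmp/other.php', // not allow-listed, so ignored
];

$file = tempnam(sys_get_temp_dir(), 'cfg');
file_put_contents($file, render_config(collect_db_config($post)), LOCK_EX);
$loaded = require $file; // loading the file returns the submitted strings
unlink($file);
var_dump($loaded['db_pass'] === $post['db_pass'], isset($loaded['config_path']));
```

The installer should also be removed or locked once setup completes, so the config file cannot be rewritten by a later request.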