I noticed that framework/phpok_call.php::_format_ext_all has an unserialize,
and phpok 5.4 has already fixed something
just like this: https://www.anquanke.com/post/id/194453#h2-5
but in
/framework/phpok_call.php I found a parse_str.
We can control $rs, so we just need to use double URL encoding to bypass it, but I noticed this
alias; we can use a weak comparison to bypass it,
and we can write a POP chain, using rot13 to bypass.
Final payload:
and we can get a webshell in /_cache/1.php