Enter the installation process and enter the payload in the MySQL database settings: root\';phpinfo();//
Click Continue. Refresh the page again and the PHP code is executed.
In write_conf_file in setup/inc/setup.func.inc.php, the external input parameters are filtered and concatenated.
The filter replaces ' with \', so an input of \' is replaced with \\'; the first \ escapes the second \, which makes the escaping ineffective.
Final result
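
The escaping flaw described above next to a corrected form, as an added example that is not part of the original report or the project's code. The function names and the `$dbuser` config variable are assumptions; the input value is the one given in the report.

```php
<?php
// Escaping as the report describes it: only ' is replaced with \'.
function escape_quote_only(string $v): string {
    return str_replace("'", "\\'", $v);
}

// Corrected form: escape backslashes first, then single quotes, so a
// backslash supplied by the user can never neutralise the added one.
function escape_single_quoted(string $v): string {
    return str_replace(["\\", "'"], ["\\\\", "\\'"], $v);
}

// True only if the generated line tokenizes as exactly
// <variable> = <one string literal> ;
function is_single_assignment(string $phpLine): bool {
    $shape = [];
    foreach (token_get_all("<?php " . $phpLine) as $tok) {
        if (is_array($tok)) {
            if ($tok[0] === T_WHITESPACE) {
                continue;
            }
            $shape[] = token_name($tok[0]);
        } else {
            $shape[] = $tok; // single-character tokens such as = and ;
        }
    }
    return $shape === ['T_OPEN_TAG', 'T_VARIABLE', '=',
                       'T_CONSTANT_ENCAPSED_STRING', ';'];
}

$input = "root\\';phpinfo();//"; // value from the report: root\';phpinfo();//

foreach (['escape_quote_only', 'escape_single_quoted'] as $fn) {
    // $dbuser is a hypothetical config variable name.
    $line = "\$dbuser = '" . $fn($input) . "';";
    $verdict = is_single_assignment($line)
        ? 'whole value stays inside the string literal'
        : 'string literal ends early, rest is parsed as code';
    echo str_pad($fn, 22), $line, "\n", str_repeat(' ', 22), $verdict, "\n";
}

// var_export() emits a correctly escaped literal without hand-written rules.
$line = '$dbuser = ' . var_export($input, true) . ';';
echo str_pad('var_export', 22), $line, "\n", str_repeat(' ', 22),
     is_single_assignment($line) ? 'safe' : 'unsafe', "\n";
```

The same tokenizer check can run inside the installer before the config file is written, rejecting any generated line that is not a single assignment of one string literal.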