Yesterday run into, the recording process, nothing of the content, similar to articles sure, any resemblance is certainly no coincidence（language is not so good, everyone will see: the
Conditions: 1, movie Station is maccms php version. 2, The server install a security Dog. 3, There is a background account password.
Of course the first step Baidu a bit, there are no related articles. Found previously to have a large cow made a upload of the vulnerability test fails, the estimate is the official has been fixed.
Into the background, can be found to edit the template, as shown below:
Path is: http://0855.tv/admin/admin_templates.php?action=edit&file=../template/default/html/art.html
Then the IE configuration: http://0855.tv/admin/admin_templates.php?action=edit&file=index.php Get:
This comparable that ShopEx background calendar times directory shoved more, not only can see the content, you can also edit. So, basically you can get a webshell. The content is not high. In order not to disrupt the program, 我打算在admin/version.php This file is written in the back door. http://0855.tv/admin/admin_templates.php?action=edit&file=../admin/version.php As shown in Figure:
Visit: http://0855.tv/admin/version.php security Dog tip interception:
Baidu look through the safe Dog PHP Malaysia, there are many, the following is commonly used: