The use of the premise is to program the application to the database server and if possible even outside, this is critical.
Your engage in Station time to meet with the station, online can't find the version of the vulnerability, their own get back to the source to read a bit.
Find a loophole, or issued to it.
Read an arbitrary file vulnerability:
Copy the code can be connected on the database.
select * from sdb_operators;
Give the administrator user a password./ shopadmin/ landing
I tested the station, the direct use of the into outfile a shell.
Online has a post that says can blast the physical path, the test is not available.
If the install directory is not deleted, the following this can see phpinfo
Copy the code in addition the/home/cache/directory of the file, but also can burst to.