骑士CMS(20141027)多个漏洞组合可致所有数据泄露+getshell

简要描述： 专注挖魂。。。 74cmsv3.5.120141027.zip 无限制SQL注入 详细说明： 刚下了个74cmsv3.5.120141027.zip，diff了一下发现了下面的改动： diff -Nurp upload.1020/plus/weixin.php upload.1027/plus/weixin.php --- upload.1020/plus/weixin.php 2014-10-18 12:14:22.000000000 +0800 +++ upload.1027/plus/weixin.php 2014-10-25 14:45:22.000000000...