Last night, a friend met a phpcms v9 who couldn't get the shell. Then Baidu found that there were no related articles. He hadn't done anything in this area for a long time. He had nothing to do, so he helped me read it, it was found that phpcms v9 was much safer, and it was really troublesome to get the shell, but we accidentally found a vulnerability. In the past, phpcms2008 still had a lot of shell methods, but it was useless in v9, but I don't know why phpcmcs v9 has such a low-level vulnerability. It's really speechless ..
Operation Method:
Go to the background and click the interface-template style-select a page and click Modify.
Insert the code and click Submit ..
Go back to the template Management page and click visualization ..
Well, the code is executed.
It is estimated that many people have crashed directly here... obviously, the phpcms v9 background focuses on security, but I don't know why such a low-level mistake has occurred.
Author: Wind
Www.2cto.com:
V9 background template settings do not run online modification.