Rice cms brute force getshell
See install\index.php:
<?php
header("Content-type: text/html; charset=UTF-8");
include_once('./function.php');
define('root', dirname(__FILE__));
$verMsg = 'v3.8';
$s_lang = 'utf-8';
$source_file = "./source/config.ini.php"; // source configuration file
$target_file = "../Public/Config/config.ini.php"; // target configuration file
$lock_file = '../install.lck'; // lock file
if (file_exists($lock_file)) {
    // Only a redirect header is sent; no exit follows, so execution continues
    header('location: ../index.php');
}
The script checks whether install.lck exists, but it does not call exit after header(). The response only carries a redirect, and the code that follows continues to execute.
An attacker can enable remote connections on a MySQL database on their own server and then POST the following data to this page:
step=4&dbhost=<remote server IP>&dbport=<port>&dbuser=<account>&dbpwd=<password>&dbname=<database name>
This reinstalls the CMS.
The attacker can then log in to the admin backend with the default password and open:
/admin.php?s=/Tpl/Update
Saving a template with a php suffix there yields a shell.
Solution:
Filter
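
A hardened form of the install guard and of the template-name check, as an added example that is not the CMS's own code. The lock-file path follows the snippet above; the helper names write_install_lock and is_allowed_template_name and the allowed suffix list are assumptions.

```php
<?php
// Added example, not the CMS's own code. Helper names are hypothetical.

$lock_file = __DIR__ . '/../install.lck';

// 1. Terminate after the redirect. header() only queues a response
//    header; without exit the installer steps would still run for a
//    request that carries step=4 and database parameters.
if (file_exists($lock_file)) {
    header('Location: ../index.php', true, 302);
    exit;
}

// 2. Create the lock atomically when installation completes, so two
//    concurrent requests cannot both pass the check above.
function write_install_lock(string $path): bool
{
    $fh = @fopen($path, 'x');   // mode 'x' fails if the file exists
    if ($fh === false) {
        return false;
    }
    fwrite($fh, date('c'));
    fclose($fh);
    return true;
}

// 3. Template editor: accept only a plain file name with a suffix from
//    a fixed allow-list (assumed set), so a template can never be
//    stored with an executable php suffix.
function is_allowed_template_name(string $name): bool
{
    // No path separators, no dots in the base name, one allowed suffix.
    return preg_match('/\A[A-Za-z0-9_-]+\.(html|htm|tpl)\z/', $name) === 1;
}
```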