The topic is in the i spring and autumn ctf training camp
Another question about the common vulnerabilities of cms, go directly to Baidu to check the general vulnerabilities
Here I am using the following exploit:
Ocean CMS V6.28 code execution 0day
According to the given payload, directly access url+/search.php?searchtype=5&tid=&area=eval($_POST[1])
After connecting with kitchen knife, but at first glance there is no flag.php
Backhand to check the storage address of the database configuration file of the ocean cms:
Go out and use a kitchen knife to connect to the database
After editing, right-click the database management, you can see the flag