Title: Remember the penetration test of the spinach demonstration agent site

I've been browsing on QQ space

So the following is here. Open the site, it’s very considerate and you can enter the front and back office.

Let's talk about the loopholes below

SQL injection, there is a set of programs based on a template two-opening, which happens to be the one I have in my hand and have audited. So take it easily.

No filtering, just make a note.

I suspect that uploading this arbitrary file is the backdoor left by the developer.

Those who can understand can see it at a glance. Just create a new form locally and submit it.

However, there is a problem with the target site. The path is not echoed when uploading, so it should be commented on echo. Locally built tests,

Modify the upload file name to this format.

Idea: Reproduce the upload locally and submit it at the same time as the remote. At the same time point, the returned file name should be the same.

Test

Reappearance is successful.

Click until it is.

I would like to ask you guys who are proficient in php auditing

Is this code useful?

Trying various truncations can never execute php code.

Reprinted from the original link: https://mp.weixin.qq.com/s/hduQd7Jm72b00oSU9Ip1BQ