PHPCMS Front-End File Upload Vulnerability: Code Audit

Environment Setup

Download the source code from the official site: https://www.phpcmsv9.cn/index.html

php.ini

Front end

Admin back end

http://www.myphpcms.com/index.php?m=admin&c=index&a=login&pc_hash=

Vulnerability Reproduction

On the member registration page, fill in the form and submit it, capturing the request with Burp.

The captured request is as follows:

[Screenshot: captured registration request]
