CandyCMS Pre-Auth RCE
CandyCMS Pre-Auth RCE
影响版本:CandyCMS V1.0.0
在install.php处可以通过GET传递install参数删除core/config.php,并进行重新安装
会将ReInstall时传递的DB Host,DB Name,DB Prefix 写入core/config.php,
且若数据库连接成功就不会删除core/config.php
可以在DB_PREFIX处传递');phpinfo();#进行拼接
成功写入core/config.php:
CandyCMS Pre-Auth RCE
https://www.xuxblog.top/2024/03/25/CandyCMS-Pre-Auth-RCE/