Last active Dec 30, 2021
Dolphinphp v1.5.0 contains a remote code execution vulnerability in common.php

1. Visit /public/admin.php to reach the login page; the default login is admin / admin.

2. Click System -> Behavior Management, find the option "attachments_delete" on the second page, and click Edit.

Change the module it belongs to to "system".

Scroll to the bottom, change the log rule to "[details|system] test [details]", and submit.

Click System and upload any picture.

After uploading, click Attachment Management on the left to get the id (id=1).

Here is the PoC: [image]

The command executes successfully and the calculator pops up.

To execute the command again, repeat step 4 above (upload the picture to get the id); the id is 2 this time.

Modify the POST parameters to: [image]
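
For defenders checking an existing install, the sketch below audits behavior log rules for the pattern used in the steps above. It is an added example, not code from the original write-up or from DolphinPHP. It assumes, as the PoC implies, that a token of the form [field|function] passes the field value to the named function; the allowlist names and sample rows are hypothetical, and the rows are expected to be exported from wherever your install stores behavior definitions.

```python
import re

# Assumption: a rule token is [field] or [field|function], as in the
# write-up's rule "[details|system] test [details]".
TOKEN = re.compile(r"\[([^\[\]|\s]+)(?:\|([^\[\]\s]+))?\]")

# Hypothetical allowlist: replace with the formatter functions that the
# log rules in your deployment legitimately use.
ALLOWED_FORMATTERS = frozenset({"format_time", "get_nickname"})


def audit_rule(rule, allowed=ALLOWED_FORMATTERS):
    """Return (field, function) pairs whose function is not allowlisted."""
    findings = []
    for field, func in TOKEN.findall(rule):
        # PHP function names are case-insensitive, so compare in lower case.
        if func and func.lower() not in allowed:
            findings.append((field, func))
    return findings


def audit_behaviors(rows, allowed=ALLOWED_FORMATTERS):
    """rows: iterable of (behavior_name, log_rule). Returns {name: findings}."""
    report = {}
    for name, rule in rows:
        hits = audit_rule(rule or "", allowed)
        if hits:
            report[name] = hits
    return report


# Constructed sample rows; the second carries the rule from the write-up.
SAMPLE_ROWS = [
    ("user_signin", "[user|get_nickname] signed in at [time|format_time]"),
    ("attachments_delete", "[details|system] test [details]"),
    ("config_edit", "[user|get_nickname] edited [details]"),
]

if __name__ == "__main__":
    for name, hits in audit_behaviors(SAMPLE_ROWS).items():
        for field, func in hits:
            print(f"{name}: field '{field}' is passed to '{func}'")
```

Any behavior it reports should be reviewed along with who last edited it, and the default admin login should be changed regardless of the result.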


