Visit /public/admin.php to jump to the login page, the default password is admin admin
2.
Click System -> Behavior Management, find the option "attachments_delete" on the second page, click Edit
Change the belonging module to system
Drag to the bottom and change the log rule to [details|system] test [details]
and submit
Click on the system to upload any picture
After uploading, click Attachment Management on the left, get id=1
http://localhost/DolphinPHPV1.5.0/public/admin.php/admin/attachment/delete
ids[]=calc%26&ids[]=1
Successfully execute the command to pop up the calculator
If you want to execute the command again, you need to repeat the above step 4 (upload the picture to get the id), and the id is 2 at this time
ids[]=whoami%26&ids[]=2