代码拉取完成,页面将自动刷新
Here I choose the latest version downloaded from the official website,Because I found that the gitee version is not the latest version.
The official url is https://www.ecisp.cn/html/cn/download_espcms/.

login in to the manage background,and use below function

Use burpsuite ,and then modify the requests.
There we modify the UPFILE_PIC_ZOOM_HIGHT from 200 to 200,);phpinfo();/*

Then we see the below php file was modifyed by us,and we visit it


The reason was that,ESPCMS_Core::command_creat() will save the config

And there are no check for the param.

Since this project will addslashed automatic.So i. chose to modify the int param,and then get shell