SSRF.md


1. After the request is sent, execution enters `/dede/co_add.php`. If `sourcetype` is not `rss`, the `else` branch is taken and the `DedeCollection#Testlists` method is called.
2. In `dedecollection.class.php#Testlists()`, the URL is passed as a parameter to the `DownOnePage` method of the same class.
3. `DownOnePage` passes the URL to the `OpenUrl` method.
4. `OpenUrl` first calls `ResetAny` to reset the parameters, then calls `PrivateInit` to initialize them, and finally calls `PrivateStartSession`, which triggers the vulnerability.

Inside `PrivateStartSession`, a series of assignments sets the request parameters, and finally `curl_exec` is executed on line 363.

When the port is open, the files in its directory are returned.

When the port is closed, a connection failure is reported.
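
One way to constrain a URL before it reaches `curl_exec`, as an added example that is not DedeCMS code or part of the original write-up: the hypothetical helpers `resolve_public_target` and `fetch_public_url` accept only http/https, reject hosts that resolve to loopback, private or reserved IPv4 ranges, and pin the validated address so the host cannot resolve differently at connect time. It assumes IPv4-only targets and PHP 7.1 or later with the curl extension.

```php
<?php
// Added example: hypothetical helpers, not DedeCMS code. IPv4 only.

// Return host/port/IP for an http(s) URL whose host resolves only to
// public IPv4 addresses, or null if the URL must not be fetched.
function resolve_public_target(string $url): ?array
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null; // only http and https are allowed
    }
    $host = $parts['host'];
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    $ips = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : (gethostbynamel($host) ?: []);
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return null; // loopback, RFC 1918, link-local or reserved
        }
    }
    return $ips === [] ? null : ['host' => $host, 'port' => $port, 'ip' => $ips[0]];
}

// Fetch $url only if it passed the check; returns the body or false.
function fetch_public_url(string $url)
{
    $t = resolve_public_target($url);
    if ($t === null) {
        return false;
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false, // a redirect would bypass the check
        CURLOPT_RESOLVE        => ["{$t['host']}:{$t['port']}:{$t['ip']}"],
        CURLOPT_CONNECTTIMEOUT => 5,
    ]);
    return curl_exec($ch);
}

// Constructed inputs (IP literals and a non-HTTP scheme, so no DNS lookup is made).
foreach (['http://127.0.0.1:8000/', 'http://192.168.1.10/', 'ftp://192.0.2.1/'] as $u) {
    var_dump(resolve_public_target($u));
}
```

The filter flags do not cover every non-routable block (100.64.0.0/10, for example), so an allowlist of permitted collection hosts is stricter where the deployment allows it.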