yuyuecms 1.2 File Deletion Vulnerability

Others 2019-11-24 00:23:57 views: null

www.yuyue-cms.com

yuyuecms version 1.2

1.png

Administrator / controller to delete the index method Vulnerability
2.png

See catfishcmsCatfish isPost static method

3.png

If the static method call verification

4.png

If true exec sql, then the session returns

deletefile way
5.png

isDataPath method
6.png

You can see the function of judge $ path 0,5 == data / no repalace ../../

So that we can remove the vulnerabilities /../../ filename achieved by structrue data file

poc: acquiring input codes path data /../../ filename delfile

7.png

8.png

Guess you like

Origin www.cnblogs.com/M0rta1s/p/11920882.html
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com