
DIR_DEL


There is a database backup feature here, and it is the kind of place where a vulnerability is easy to introduce.

After selecting backups and clicking batch delete, capture the request and look at it. It is handled in database.php, which calls the import method; this function is located in XiaoCms\admin\controller\database.php.

That line is the key: there is no restriction on our input, which means sequences such as ../ are accepted, so this is an arbitrary directory deletion.

First create a new directory in the root directory. The submitted path is ../../1
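The root cause described above is a delete handler that passes the submitted backup path to the filesystem without confining it to the backup directory. The following is an added example of how such a handler can be hardened; it is not XiaoCms code, and the names BACKUP_DIR, safe_backup_path, remove_tree and delete_backups are assumptions made for illustration. It canonicalises the requested name with realpath(), confirms the result still lies under the backup directory, and only then deletes, so a "../../1" style value is rejected before anything is touched.

```php
<?php
// Added example, not XiaoCms code. BACKUP_DIR and the function names below
// are assumptions chosen for illustration.

const BACKUP_DIR = __DIR__ . '/data/backup';

/**
 * Resolve a user-supplied backup name to an absolute path and confirm it stays
 * inside BACKUP_DIR. Returns the resolved path, or null if the input carries a
 * directory component, escapes the backup directory, or names nothing existing.
 */
function safe_backup_path(string $name): ?string
{
    // Backup names are plain entries, not paths: anything containing a
    // separator or "." / ".." components is rejected outright.
    if ($name === '' || $name === '.' || $name === '..' || $name !== basename($name)) {
        return null;
    }
    $base   = realpath(BACKUP_DIR);
    $target = realpath(BACKUP_DIR . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $target === false) {
        return null;
    }
    // realpath() has already collapsed "..", "." and symlinks, so a prefix test
    // on the canonical path is a sound containment check.
    if (strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $target;
}

/**
 * Remove a directory tree that has already been validated by safe_backup_path().
 * Symlinks are unlinked, never followed, so a link planted inside a backup
 * cannot redirect the deletion to another location.
 */
function remove_tree(string $dir): bool
{
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::CHILD_FIRST
    );
    foreach ($it as $entry) {
        $path = $entry->getPathname();
        $ok = ($entry->isDir() && !$entry->isLink()) ? rmdir($path) : unlink($path);
        if (!$ok) {
            return false;
        }
    }
    return rmdir($dir);
}

/**
 * Batch delete. Every name is validated independently; a bad entry is reported
 * and skipped instead of aborting the whole request or being passed through.
 */
function delete_backups(array $names): array
{
    $result = ['deleted' => [], 'rejected' => []];
    foreach ($names as $name) {
        $path = safe_backup_path((string) $name);
        if ($path === null) {
            $result['rejected'][] = $name;   // traversal attempt or unknown backup
            continue;
        }
        $ok = is_dir($path) && !is_link($path) ? remove_tree($path) : unlink($path);
        $result[$ok ? 'deleted' : 'rejected'][] = basename($path);
    }
    return $result;
}

// Usage with constructed input: the traversal value is rejected, the plain
// name is deleted only if it exists directly under BACKUP_DIR.
print_r(delete_backups(['../../1', 'backup-20200101']));
```

The two checks are deliberately redundant: the basename() comparison refuses any input that is not a bare entry name, and the realpath() prefix test catches anything that still resolves outside the backup directory, for example through a symlink. Either one alone would have stopped the ../../1 request on this page; keeping both means a later change to one check does not silently reopen the hole.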