The file upload vulnerability file address:
![1](https://user-images.githubusercontent.com/112733473/221190709-116828d9-9d14-47b5-9e36-e7a7c4c3c129.png)
![2](https://user-images.githubusercontent.com/112733473/221191668-71a4d270-1b01-4795-9bde-3f07b119586e.png)
`\app\admin\c\CommonController.php`
It can be seen that uploads uses blacklist and whitelist verification for the suffix of uploaded files, but the blacklist lacks a restriction on the suffix phtml, which allows the file upload suffix check to be bypassed.
A user who has logged in to the admin backend can add phtml to the file suffixes in the whitelist and then upload a one-line Trojan horse with the suffix phtml.
The file is uploaded successfully and the upload path is returned.
Repair method: Blacklist phtml files
The CSRF vulnerability:
After the administrator has logged in, opening the following page causes phtml to be included in the whitelist, and other configuration items can also be modified.
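
A defensive sketch of the repair described above, added here as an example and not the project's own code: it filters handler-mapped extensions out of the configured whitelist, so a whitelist change (made by an admin or through the CSRF described above) cannot enable them, and it checks every dot-separated part of the uploaded name. The function names, the `|`/comma-separated config format and the deny pattern are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed hard deny pattern: extensions commonly mapped to the PHP handler
// by web server configs. It is applied on top of any configured whitelist.
const PHP_HANDLER_EXT = '/^ph(p[0-9]*|t|tml|ar|ps)$/i';

/** Drop handler-mapped extensions from an admin-configured whitelist string. */
function sanitize_allowlist(string $configured): array
{
    $out = [];
    // Assumption: the setting is a '|' or comma separated list of suffixes.
    foreach (preg_split('/[|,\s]+/', $configured) as $ext) {
        $ext = strtolower(trim($ext, '.'));
        if ($ext !== '' && ctype_alnum($ext) && !preg_match(PHP_HANDLER_EXT, $ext)) {
            $out[] = $ext;
        }
    }
    return array_values(array_unique($out));
}

/** Decide on the client-supplied name; every dot-separated part is checked. */
function upload_allowed(string $clientName, string $configured): bool
{
    $parts = explode('.', basename(str_replace('\\', '/', $clientName)));
    if (count($parts) < 2) {
        return false;                    // no extension at all
    }
    array_shift($parts);                 // drop the base name
    foreach ($parts as $p) {
        if (preg_match(PHP_HANDLER_EXT, $p)) {
            return false;                // x.phtml, x.PhTml, x.phtml.jpg
        }
    }
    $last = strtolower(end($parts));
    return in_array($last, sanitize_allowlist($configured), true);
}

// Constructed sample: a whitelist to which "phtml" has been added.
$cfg = 'jpg|png|gif|phtml';
foreach (['logo.png', 'a.phtml', 'a.PhTml', 'a.phtml.jpg', 'noext'] as $name) {
    printf("%-12s %s\n", $name, upload_allowed($name, $cfg) ? 'accept' : 'reject');
}
```

The same filter belongs in the code path that saves the whitelist setting, and that settings form needs an anti-CSRF token so the list cannot be changed by a cross-site request.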