Hello, I found that there are some problems with eonweb, hoping to help you and your work.

/module/admin_conf/download.php

```php
if(isset($_GET["file"])){
    $dwn="/tmp/".$_GET["file"];
    header("Content-type: application/octet-stream");
    header("Content-Disposition: attachment; filename=".$_GET["file"]);
    flush();
    readfile($dwn);
}
```

`$_GET["file"]` is not filtered, and an arbitrary file download vulnerability exists. So when we open this URL:

https://localhost/module/admin_conf/download.php?file=../../etc/passwd

it would download the file '/etc/passwd' and we can get the contents of this file.
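The root cause in the snippet above is that the user-supplied `file` parameter is concatenated onto `/tmp/` and handed straight to `readfile()`, so `..` components escape the intended directory. The following is an added example of a hardened download handler written for this report; it is not eonweb's code and not the content of the fix commit referenced below. It assumes, as the original snippet does, that `/tmp` is the intended download directory and that only regular files directly inside it should be served; the `file` parameter name is kept from the report and the HTTP 400 response is an assumed choice.

```php
<?php
// Added example, not eonweb's code: hardened variant of download.php.
// Assumption: the only legitimate downloads are regular files that sit
// directly inside DOWNLOAD_DIR (taken as /tmp from the original snippet).

define('DOWNLOAD_DIR', '/tmp');

/**
 * Return the absolute path of the requested file if it is a regular file
 * directly inside DOWNLOAD_DIR, or null if the request is rejected.
 */
function resolve_download(string $name): ?string
{
    // Reject anything that is not a plain file name: empty strings,
    // anything containing a path separator, and embedded NUL bytes.
    if ($name === '' || $name !== basename($name) || strpos($name, "\0") !== false) {
        return null;
    }
    // Conservative character allowlist; '.' and '..' pass the regex
    // (dots are allowed), so they are excluded explicitly.
    if (!preg_match('/^[A-Za-z0-9._-]+$/', $name) || $name === '.' || $name === '..') {
        return null;
    }

    $base = realpath(DOWNLOAD_DIR);
    $path = realpath(DOWNLOAD_DIR . '/' . $name);
    if ($base === false || $path === false) {
        return null; // directory missing or file does not exist
    }
    // realpath() resolves symlinks, so a link in /tmp pointing elsewhere
    // would resolve outside $base and be rejected here.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    if (!is_file($path)) {
        return null; // directories, devices, etc. are not served
    }
    return $path;
}

if (isset($_GET['file'])) {
    $path = resolve_download((string) $_GET['file']);
    if ($path === null) {
        http_response_code(400);
        exit('Invalid file name');
    }
    header('Content-Type: application/octet-stream');
    // Use the validated basename, not the raw parameter, in the header so
    // the client cannot inject header content through the file name.
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
    exit;
}
```

Two design points: the `basename()` comparison and the character allowlist reject traversal before the filesystem is touched, and the `realpath()` prefix check catches the case the allowlist cannot, a symlink inside the directory that points outside it. Where the set of downloadable files is known in advance, an explicit allowlist of names (or a database-issued identifier mapped to a path server-side) is stronger still than any pattern check on user input.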
Fix here : 3163221240db69d417cf6bb8456f87653d472f21
Thank you for the advice!