This repository has been archived by the owner on May 8, 2024. It is now read-only.
GreenCMS存在信息泄漏漏洞可下载所有日志 #110
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
漏洞发现者:vr_system
恶意攻击者可以下载网站全部日志。
测试地址:http://192.168.249.128:8080/GreenCMS-beta/Data/Log/18_06_20.log
案例地址:http://47.100.195.111/Data/Log/18_06_20.log
POC:http://域名/Data/Log/年_月_日.log
只需要尝试猜测日志的日期,就能够下载全部日志。
防御方法:加强日志名称的复杂程度。
The text was updated successfully, but these errors were encountered: