You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 8, 2024. It is now read-only.
漏洞发现者:vr_system
恶意攻击者可以下载网站全部日志。
测试地址:http://192.168.249.128:8080/GreenCMS-beta/Data/Log/18_06_20.log
案例地址:http://47.100.195.111/Data/Log/18_06_20.log
POC:http://域名/Data/Log/年_月_日.log
只需要尝试猜测日志的日期,就能够下载全部日志。
防御方法:加强日志名称的复杂程度。
The text was updated successfully, but these errors were encountered: