This repository was archived by the owner on May 8, 2024. It is now read-only.

GreenCMS has an information disclosure vulnerability that allows all logs to be downloaded #110

Open
@BakedPotato999

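Vulnerability discovered by: vr_system
A malicious attacker can download all of the website's logs.
Test URL: http://192.168.249.128:8080/GreenCMS-beta/Data/Log/18_06_20.log
Example URL: http://47.100.195.111/Data/Log/18_06_20.log
POC: http://domain/Data/Log/year_month_day.log
By simply guessing the date of a log, all of the logs can be downloaded.
Mitigation: make the log file names more complex.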
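
For site operators, a detection sketch for the exposure reported above. It is an added example, not part of the original issue or of GreenCMS: it scans web-server access logs for requests to the dated `Data/Log` files and shows which clients were actually served a log. The access-log layout (common/combined format), the `min_dates` threshold and the sample lines are assumptions.

```python
import re
from collections import defaultdict

# Path shape taken from the issue: <prefix>/Data/Log/YY_MM_DD.log
LOG_PATH = re.compile(r"/Data/Log/(\d{2}_\d{2}_\d{2})\.log(?:\?|$)", re.IGNORECASE)
# Assumed common/combined access-log layout: ip - - [time] "METHOD path proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def find_log_probes(lines, min_dates=3):
    """Group requests for dated GreenCMS log files by client address.

    Returns {ip: {"dates": set, "served": set, "enumerating": bool}} where
    "served" holds the dates whose log body was actually returned.
    """
    hits = defaultdict(lambda: {"dates": set(), "served": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line in the assumed layout
        ip, _method, path, status = m.groups()
        p = LOG_PATH.search(path)
        if not p:
            continue
        hits[ip]["dates"].add(p.group(1))
        if status in ("200", "206"):  # full or partial content was sent
            hits[ip]["served"].add(p.group(1))
    # Several distinct dates from one client suggests date guessing.
    return {ip: {**h, "enumerating": len(h["dates"]) >= min_dates}
            for ip, h in hits.items()}


# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [21/Jun/2018:10:00:01 +0000] "GET /Data/Log/18_06_20.log HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [21/Jun/2018:10:00:02 +0000] "GET /Data/Log/18_06_19.log HTTP/1.1" 200 4096 "-" "-"',
    '203.0.113.7 - - [21/Jun/2018:10:00:03 +0000] "GET /Data/Log/18_06_18.log HTTP/1.1" 404 162 "-" "-"',
    '198.51.100.9 - - [21/Jun/2018:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.22 - - [21/Jun/2018:10:06:00 +0000] "GET /GreenCMS-beta/Data/Log/18_06_20.log HTTP/1.1" 403 150 "-" "-"',
]

if __name__ == "__main__":
    for ip, info in find_log_probes(SAMPLE).items():
        print(ip, sorted(info["dates"]), "served:", sorted(info["served"]),
              "enumerating:", info["enumerating"])
```

Any entry with a non-empty `served` set means the log directory is reachable from the web and the returned files should be treated as disclosed.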
