Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
There is a reinstall vulnerability that can be reinstall your website. #16
Nice catch! Will fix this ASAP.…
On Feb 14, 2019, at 12:12 AM, zyfyc ***@***.***> wrote: Although you have detected this config.php to prevent reinstall,but it still exist. poc: <https://user-images.githubusercontent.com/43108927/52761889-3c60bb00-3050-11e9-9861-3d247ed346dd.png> let's bypass by the parameter "p" <https://user-images.githubusercontent.com/43108927/52762188-78485000-3051-11e9-82cd-09fa69cd0068.png> then we can reinstall the website. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#16>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAC3BECTx3aPeAwYEwIpZUlvleoVsY58ks5vNOIsgaJpZM4a6yat>.
Fixing the reinstall issue now (still not right) - and will only allow access and editing of CSS files.…
On Feb 14, 2019, at 8:00 PM, zyfyc ***@***.***> wrote: That's fine.The reason why I show two pocs is that we can reinstall the website then getshell by this "Assets" function to modify php files.Thanks for your reply. — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub <#16 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAC3AtkEFg1IISGhmlQjyWm9ldmBoiRvks5vNfitgaJpZM4a6yat>.