4.You can see that index.php has been read and edited.
The text was updated successfully, but these errors were encountered:
r00tSe7en
changed the title
HongCMS 3.0 - Read and Edit Arbitrary Files
HongCMS 3.0 - Arbitrary Files Read and Edit
Jan 31, 2019
r00tSe7en
changed the title
HongCMS 3.0 - Arbitrary Files Read and Edit
HongCMS 3.0 - Arbitrary Files Read and Edit (Administrator Privilege)
Jan 31, 2019
1.Login to the backstage as the administrator;
2.You need to access the page" http://127.0.0.1/hongcms/admin/index.php/language/edit?filename=Chinese.php" or "http://127.0.0.1/hongcms/admin/index.php/language/edit?filename=English.php".
3.Change the file name you want to edit or read in the URL and access this page.

For example: "http://127.0.0.1/hongcms/admin/index.php/language/edit?filename=../../index.php".
4.You can see that index.php has been read and edited.
The text was updated successfully, but these errors were encountered: