Cause of the vulnerability: During decompression, the entries of the uploaded archive are not filtered or validated, so a zip file containing cross-directory (path traversal) entries can be uploaded to get a shell.

Vulnerability reproduction: Log in to the admin back end and visit `/open/app/LKT/index.php?module=system&action=pay` to upload a compressed file. Put the malicious file with a traversal path into a zip, then upload and decompress it.
Then access the path of the malicious file:
poc:
Upload was successful and executed successfully!
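The missing filtering described above can be added as a check on every archive entry before anything is written to disk. The following is an added example, not code from the application: `isSafeEntry()`, `safeExtract()`, the extension allow-list and the sample entry names are all hypothetical and constructed for illustration.

```php
<?php
// Added example (not the application's code): validate zip entries before extraction.
function isSafeEntry(string $name, array $allowedExt): bool
{
    $name = str_replace('\\', '/', $name);          // treat both separators alike
    // Reject empty names, absolute paths, drive letters and NUL bytes.
    if ($name === '' || $name[0] === '/' || preg_match('/^[A-Za-z]:/', $name)
        || strpos($name, "\0") !== false) {
        return false;
    }
    // Reject any ".." path segment, wherever it appears.
    if (in_array('..', explode('/', $name), true)) {
        return false;
    }
    if (substr($name, -1) === '/') {
        return true;                                 // plain directory entry
    }
    // Assumption: the upload only ever needs these file types.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, $allowedExt, true);
}

function safeExtract(string $zipPath, string $destDir, array $allowedExt): void
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException('cannot open archive');
    }
    // First pass: refuse the whole archive if any single entry is unsafe.
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        if ($name === false || !isSafeEntry($name, $allowedExt)) {
            $zip->close();
            throw new RuntimeException('rejected entry: ' . var_export($name, true));
        }
    }
    $ok = $zip->extractTo($destDir);
    $zip->close();
    if (!$ok) {
        throw new RuntimeException('extraction failed');
    }
}

// Constructed entry names, checked against an assumed allow-list.
$allowed = ['pem', 'crt', 'key', 'txt'];
foreach (['cert/apiclient_cert.pem', '../../x.php', '/etc/x.txt', 'a/..\\..\\b.txt', 'shell.php'] as $n) {
    printf("%-26s %s\n", $n, isSafeEntry($n, $allowed) ? 'accept' : 'reject');
}
```

Extracting into a directory outside the web root that the server never executes scripts from limits the impact if a check like this is bypassed.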