if ($action == 'dell_all_bak') {
if (!isset($_POST['bak'])) {
emDirect('./data.php?error_a=1');
} else{
foreach ($_POST['bak'] as $val) {
unlink($val);
}
emDirect('./data.php?active_del=1');
}
}
post any filepath as "bak" , will delete it.
Login management background and view /admin/data.php?action=dell_all_bak
POST bak=anyfile,like ../index.php something.
POC:
vulnerability in admin/data.php line 139:
post any filepath as "bak" , will delete it.
Login management background and view /admin/data.php?action=dell_all_bak
POST bak=anyfile,like ../index.php something.
POC:
The text was updated successfully, but these errors were encountered: