What steps will reproduce the problem?
Log in to the admin page and find a place to upload a .jpg image. Intercept the request, change the file extension to .php and insert the content of a webshell:
What is the expected result?
The backend should deny uploading an unexpected file type (with .php extension) in services/Image.php, function getUniqueImgNameInPath()
yii2_fecshop/services/Image.php
Line 276 in b15d7ed
What do you get instead?
The php webshell was successfully uploaded to the website:
Additional info
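One way to enforce the expected result described in the report, shown as an added example (not code from yii2_fecshop or from the issue author). The function name `safeImageName`, the allowlist and the sample uploads are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not the project's own code.
// Accepted image types, mapped to the only extension ever written to disk.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/** Returns a server-generated name for an accepted image, or throws. */
function safeImageName(string $tmpPath, string $clientName): string
{
    // 1. The client-supplied extension must be on the allowlist. This is the
    //    control that keeps a .php file from ever landing in a web-served path.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext === 'jpeg') {
        $ext = 'jpg';
    }
    if (!in_array($ext, ALLOWED_IMAGE_TYPES, true)) {
        throw new InvalidArgumentException("extension not allowed: '$ext'");
    }

    // 2. Defense in depth: the detected content type must match the extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    $detected = is_string($mime) ? (ALLOWED_IMAGE_TYPES[$mime] ?? null) : null;
    if ($detected !== $ext) {
        throw new InvalidArgumentException("content does not match .$ext");
    }

    // 3. Never reuse the client's file name; generate one on the server.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample uploads: [client file name, file body].
$samples = [
    ['shell.php', "<?php /* placeholder body */"],
    ['photo.jpg', "<?php /* placeholder body */"],
    ['logo.gif',  "GIF89a\x01\x00\x01\x00\x00\x00\x00;"],
];
foreach ($samples as [$name, $body]) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $body);
    try {
        echo "$name accepted as ", safeImageName($tmp, $name), "\n";
    } catch (InvalidArgumentException $e) {
        echo "$name rejected: ", $e->getMessage(), "\n";
    }
    unlink($tmp);
}
```

A content check alone is not sufficient, since a file can carry a valid image header and still contain script text; the extension allowlist and server-generated name are what keep the stored file from being interpreted as PHP.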