bloofox 0.5.2 any file deletion #1

Open
jspring996 opened this issue Mar 3, 2023 · 0 comments

jspring996 commented Mar 3, 2023

Specific operation demonstration
Find the globally defined delete function

Find where delete_file() is called, and then find the conditions required by the if statements guarding that call.
When these two conditions are met, the file can be successfully deleted.

if(isset($_POST['send']) && $sys_group_vars['demo'] == 0)
if($_POST['deletepic'])

Find the corresponding deletion location on the web page through the source code

Found by packet capture

Delete files in the upper directory through directory traversal to achieve the effect of arbitrary file deletion

You can see that the file has been successfully deleted

@jspring996 jspring996 changed the title Arbitrary file deletion bloofox 0.5.2 Arbitrary file deletion Mar 3, 2023
@jspring996 jspring996 changed the title bloofox 0.5.2 Arbitrary file deletion bloofox 0.5.2 any file deletion Mar 3, 2023
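
A mitigation for the traversal described in the issue, as an added example that is not part of the original report and is not bloofoxCMS code: the user-supplied value is resolved and confined to one directory before anything is deleted. The function name `safe_delete()`, the directory layout and the assumption that `$_POST['deletepic']` carries a bare file name are all hypothetical.

```php
<?php
// Added example (hypothetical helper, not bloofoxCMS code): delete a file only
// if the user-supplied name resolves to a regular file inside $baseDir.

function safe_delete(string $baseDir, string $userValue): bool
{
    $base = realpath($baseDir);
    if ($base === false) {
        return false;
    }
    // Accept a plain file name only: no path separators, no dot entries.
    if ($userValue === '' || $userValue === '.' || $userValue === '..'
        || strpbrk($userValue, '/\\') !== false
        || $userValue !== basename($userValue)) {
        return false;
    }
    // Resolve symlinks, then confirm the result is still under the base directory.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userValue);
    if ($target === false || !is_file($target)) {
        return false;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return unlink($target);
}

// Constructed demo tree: one file inside the media directory, one above it.
$root = sys_get_temp_dir() . '/delete_demo_' . bin2hex(random_bytes(4));
mkdir("$root/media", 0700, true);
file_put_contents("$root/media/pic.jpg", 'x');
file_put_contents("$root/config.php", 'x');

// Traversal attempt is refused and the file above the directory survives.
var_dump(safe_delete("$root/media", '../config.php'));
var_dump(file_exists("$root/config.php"));

// A plain file name inside the directory is deleted.
var_dump(safe_delete("$root/media", 'pic.jpg'));
var_dump(file_exists("$root/media/pic.jpg"));

// Clean up the constructed tree.
unlink("$root/config.php");
rmdir("$root/media");
rmdir($root);
```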