Specific operation demonstration
Find the globally defined delete function
Find where delete_file() is called, and then find the condition that the function point code if requires.
When these two conditions are met, the file can be successfully deleted.
Specific operation demonstration

Find the globally defined delete function
Find where delete_file() is called, and then find the condition that the function point code if requires.
When these two conditions are met, the file can be successfully deleted.
if(isset($_POST['send']) && $sys_group_vars['demo'] == 0)


if($_POST['deletepic'])
Find the corresponding deletion location on the web page through the source code

found by packet capture

Delete files in the upper directory through directory traversal to achieve the effect of arbitrary file deletion

You can see that the file has been successfully deleted

The text was updated successfully, but these errors were encountered: