Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

安全问题-文章管理任意文件跨目录上传 #42

Closed
W1one opened this issue Apr 7, 2020 · 3 comments
Closed

安全问题-文章管理任意文件跨目录上传 #42

W1one opened this issue Apr 7, 2020 · 3 comments

Comments

@W1one
Copy link

W1one commented Apr 7, 2020

1、在文章管理,编辑一篇文章,可以上传文章缩略图
image
2、查看代码中对上传文件的限制,不允许上传exe和jsp文件
image
3、在文章缩略图哪里上传图片,拦截数据包,修改filename为**.jsp. 注意jsp后有个点,即可绕过对上传文件的限制(在windows系统上会自动去除后缀的最后一点.)
image
4、由于代码中没有对../等特殊字符进行限制,我们通过修改uploadPath来实现任意目录穿越,这样我们可以吧jsp或exe文件上传到任意目录下。
image
5、我们访问返回的url即可(要去点最后一个点)

@sky5454
Copy link

sky5454 commented May 21, 2020

Please, all the security problems should use English. for that could stop somebody with evil to do that.

@d1227731421
Copy link
Contributor

Use mcms 5.1 version, the official has solved the problem

@killfen killfen closed this as completed Sep 10, 2020
@l0n3rs
Copy link

l0n3rs commented Jul 23, 2022

限制就是只能是目标机器为Windows😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants