Vulnerability location:
/data/inc/file.php line:42
If the file name is '.htaccess', the strpos function returns a result of 0.
Demo:
Upload these two files in the management file interface.
Access in /files/1.txt.
Successful execution.
Then upload attack code.
Successfully obtained the shell.
Poc:
Vulnerability location:



/data/inc/file.php line:42
If the file name is '.htaccess', the strpos function returns a result of 0.
Demo:
Upload these two files in the management file interface.
Access in /files/1.txt.



Successful execution.
Then upload attack code.
Successfully obtained the shell.
Poc:
The text was updated successfully, but these errors were encountered: