Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Code execution during installation #310

Closed
AirSkye opened this issue Jun 23, 2021 · 1 comment
Closed

Code execution during installation #310

AirSkye opened this issue Jun 23, 2021 · 1 comment
Labels

Comments

@AirSkye
Copy link

AirSkye commented Jun 23, 2021

进入安装流程,在MySQL database settings处输入payload:root\';phpinfo();//

Enter the installation process, enter the payload in the MySQL database settings: root\';phpinfo();//
1624353999296
点击Continue。重新刷新页面,执行php代码

Click Continue. Re-refresh the page and execute the php code
1624354054503
setup/inc/setup.func.inc.phpwrite_conf_file中对外部输入参数进行了过滤并拼接

The external input parameters are filtered and spliced in the write_conf_file of setup/inc/setup.func.inc.php
1624354234211
过滤替换'\',输入\'将被替换为\\',前面的\将后面的\进行了转义导致其失效。

Filtering replaces ' with \', inputting \' will be replaced with \\', the front \ will escape the following \ to make it invalid.
1624354344281
最终结果

Final Results
1624354441095

slackero added a commit that referenced this issue Jun 24, 2021
@slackero slackero added the bug label Jun 24, 2021
@slackero
Copy link
Owner

Thanks for reporting this potential problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants