First, we find that there is a sensitive function, "del_resource", in core\function.php.
We follow it to dawn\app.php:
How do we call the "m__del_resource" function?
Good. I already know how to use it:
Let's first create a test file 123.php in the root directory:
Open Burp and pay attention to the GET and POST data. (Note that you have to log in to the background first: http://your_site/your_backstage)
Click send, it shows failed?
But when we look at the local files, "123.php" has disappeared:
H9dawn changed the title from "I found out in /dawn/app.php After logging in, allow me to delete any file(Login required)" to "I found out in /admin/app.php After logging in, allow me to delete any file(Login required)" on Dec 18, 2020
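An added example, not taken from the issue or from the project's code: one way a delete handler can confine a client-supplied file name to a single directory, so that a logged-in user cannot remove files such as the root-level 123.php from the report. The function name `delete_resource_confined`, the `upload` directory and the assumption that the handler receives a relative path from the request are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical hardened delete helper (assumption: the handler is given a
// path relative to one resource directory). Not the project's own code.
function delete_resource_confined(string $baseDir, string $requested): bool
{
    $base = realpath($baseDir);
    if ($base === false) {
        return false; // resource directory itself is missing
    }
    // Resolve "..", "." and symlinks BEFORE comparing paths.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false) {
        return false; // nothing exists at the resolved location
    }
    // The resolved path must sit strictly below the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    // Only regular files may be removed, never directories.
    if (!is_file($target)) {
        return false;
    }
    return unlink($target);
}

// Constructed layout: a site root holding 123.php and an upload directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_' . bin2hex(random_bytes(4));
mkdir($root . DIRECTORY_SEPARATOR . 'upload', 0700, true);
file_put_contents($root . DIRECTORY_SEPARATOR . '123.php', '<?php // constructed test file');
file_put_contents($root . DIRECTORY_SEPARATOR . 'upload' . DIRECTORY_SEPARATOR . 'a.jpg', 'constructed');
$upload = $root . DIRECTORY_SEPARATOR . 'upload';

// Request that climbs out of the resource directory.
$escaped = delete_resource_confined($upload, '../123.php');
// Request for a file that really lives in the resource directory.
$inside = delete_resource_confined($upload, 'a.jpg');

printf("escape attempt deleted: %s\n", var_export($escaped, true));
printf("123.php still present:  %s\n", var_export(file_exists($root . '/123.php'), true));
printf("in-directory deleted:   %s\n", var_export($inside, true));

// Clean up the constructed layout.
unlink($root . DIRECTORY_SEPARATOR . '123.php');
rmdir($upload);
rmdir($root);
```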