First, we find that there is a sensitive function, "del_resource", in core\function.php.
We follow it to dawn\app.php:
How do we call the "m__del_resource" function?
Good. I already know how to use it:
Let's first create a test file 123.php in the root directory:
Open Burp and pay attention to the GET and POST data (note that you have to log in to the background first: http://your_site/your_backstage):
Click send, it shows failed?
But when we look at the local files, "123.php" has disappeared:
H9dawn changed the title from "I found out in /dawn/app.php After logging in, allow me to delete any file(Login required)" to "I found out in /admin/app.php After logging in, allow me to delete any file(Login required)" on Dec 18, 2020