Invalid identity authentication vulnerability: any user can view and download the database backup file #1
In the latest version, DouPHP v1.5 Release 20190516, the backend can back up the entire site's data, but there is no access control on the backup file, so any user can view or download the database file.

1. Log in to the backend and back up the data through the data backup function. This generates a .sql file named after the date.
2. We look at the path generated for the backup file: http://url/data/backup/D20190522T154247.sql
3. Any user can access the backup file path through the URL and can view and download the backup file.
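
A local audit for the condition reported above, added here as an example and not taken from DouPHP or from the report: it walks a web document root, finds files named in the `D<date>T<time>.sql` format shown in step 2, and reports whether each one sits under a deny-all `.htaccess`. It assumes Apache with `.htaccess` overrides enabled; the function names `has_deny_rule` and `audit` and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile
from datetime import datetime

# Backup name format shown in the report: D<YYYYMMDD>T<HHMMSS>.sql
BACKUP_RE = re.compile(r"^D(\d{8}T\d{6})\.sql$")
# Apache 2.4 / 2.2 deny-all directive on its own line (comment lines do not match).
DENY_RE = re.compile(r"^[ \t]*(Require\s+all\s+denied|Deny\s+from\s+all)[ \t]*$", re.I | re.M)


def has_deny_rule(directory, docroot):
    """True if directory, or a parent up to docroot, has a deny-all .htaccess."""
    current, root = os.path.abspath(directory), os.path.abspath(docroot)
    while True:
        htaccess = os.path.join(current, ".htaccess")
        if os.path.isfile(htaccess):
            with open(htaccess, encoding="utf-8", errors="replace") as fh:
                if DENY_RE.search(fh.read()):
                    return True
        if current == root or os.path.dirname(current) == current:
            return False
        current = os.path.dirname(current)


def audit(docroot):
    """Return sorted (relative_path, backup_time, protected) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            m = BACKUP_RE.match(name)
            if not m:
                continue
            try:
                taken = datetime.strptime(m.group(1), "%Y%m%dT%H%M%S")
            except ValueError:
                continue  # right shape, but not a real date/time
            rel = os.path.relpath(os.path.join(dirpath, name), docroot)
            findings.append((rel.replace(os.sep, "/"), taken, has_deny_rule(dirpath, docroot)))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree: one unprotected backup directory.
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "data", "backup"))
        open(os.path.join(tmp, "data", "backup", "D20190522T154247.sql"), "w").close()
        for rel, taken, protected in audit(tmp):
            print("ok" if protected else "EXPOSED", rel, taken.isoformat())
```

A file reported as unprotected should be moved outside the document root or served only through an authenticated handler; on servers that ignore `.htaccess` (nginx, or Apache with `AllowOverride None`), the deny rule has to live in the server configuration instead.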