You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Pass in the path and name variables in the code, obtain the file path through the File class, and finally use FileTools.getFileContet() to read the content of the obtained file.
Build the source code locally by downloading https://gitee.com/marker/MRCMS
The vulnerability exists: http://127.0.0.1:8080/admin/index.do
Click Content Management-->File Management
Click the Edit File button 1.txt
Read the
config.properties
file in theresources
directory by using../
poc
Read the contents of the
config.properties
filecode discovery
Code path:
MRCMS\src\main\java\org\marker\mushroom\controller\FileController.java
Pass in the
path
andname
variables in the code, obtain the file path through theFile
class, and finally useFileTools.getFileContet()
to read the content of the obtained file.Code path:
MRCMS\src\main\java\org\marker\mushroom\utils\FileTools.java
getFileContet
method callgetContent
Code path:
MRCMS\src\main\java\org\marker\mushroom\utils\FileTools.java
getContent
Read file contentsThe text was updated successfully, but these errors were encountered: