This vulnerability lies in the create_setting_file function in app/admin/common.php, which generates a configuration file without doing any processing to the data passed in the backend modification operation.
Vulnerability analysis
This vulnerability lies in the create_setting_file function in app/admin/common.php, which generates a configuration file without doing any processing to the data passed in the backend modification operation. This results in arbitrary code injection when backend settings are modified.
Vulnerability reproduction
Request packet:
The result after modification:
The generated admin.php contains malicious code, through which an attacker can compromise the server.
Repair suggestion
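One way to generate a PHP settings file so that submitted values stay data, shown as an added example that is not part of the original report and not the project's code. The setting names, function names and demo file path are assumptions.

```php
<?php
// Added illustration; function and key names are hypothetical, not the project's code.

const ALLOWED_KEYS = ['site_name', 'page_size', 'debug']; // assumed setting names

function build_settings_php(array $input): string
{
    $clean = [];
    foreach (ALLOWED_KEYS as $key) {
        if (!array_key_exists($key, $input)) {
            continue;
        }
        $value = $input[$key];
        // Only scalars are stored; arrays and objects from the request are rejected.
        if (!is_scalar($value)) {
            throw new InvalidArgumentException("Setting '$key' must be a scalar");
        }
        $clean[$key] = $value;
    }
    // var_export() emits a valid PHP literal: quotes and backslashes inside
    // strings are escaped, so a value cannot terminate its own literal.
    return "<?php\nreturn " . var_export($clean, true) . ";\n";
}

function write_settings_file(string $path, array $input): void
{
    $tmp = $path . '.tmp';
    if (file_put_contents($tmp, build_settings_php($input), LOCK_EX) === false) {
        throw new RuntimeException("Cannot write $tmp");
    }
    rename($tmp, $path); // atomic replace on the same filesystem
}

// Constructed sample input: a value containing quotes and a backslash,
// plus a key that is not on the allow-list.
$posted = [
    'site_name'  => "Bob's \"shop\" \\ blog",
    'page_size'  => 20,
    'unexpected' => 'dropped',
];
$path = sys_get_temp_dir() . '/settings_demo.php';
write_settings_file($path, $posted);
$loaded = include $path; // the file returns the settings array
var_dump($loaded === ['site_name' => $posted['site_name'], 'page_size' => 20]);
unlink($path);
```

Storing settings in a non-executable format such as JSON, read with json_decode(), removes this class of problem entirely because the file is never interpreted as PHP.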