Closed cxcxcxcxcxcxcxc closed 1 month ago
The username is controllable and has no filtering, allowing for directory traversal.
username
在IndexApiController的100行做了验证
https://github.com/atjiu/pybbs/blob/714b1bbc17938de0bef1bb3320868ba0457a422f/src/main/java/co/yiiu/pybbs/controller/api/IndexApiController.java#L100
atjiu
commented
1 month ago atjiu
commented
1 month ago
The
usernameis controllable and has no filtering, allowing for directory traversal.