yuansec
commented
5 years ago For example,use parameter POST_“state”="../1.jpg" or “../../../../../etc/passwd” to attack
Closed yuansec closed 3 years ago
yuansec
commented
5 years ago For example,use parameter POST_“state”="../1.jpg" or “../../../../../etc/passwd” to attack
In this page "MiniCMS-master\mc-admin\page-edit.php" have a file inclusion vulnerability. 1.The parameter “$page_state”get from POST,it is Controllable.
2.The parameter"index_file" is Controllable too.
3.Causes File Inclusion vulnerabilities