Open SummerSec opened 4 years ago
FileManager add方法修改下,可以参考
if (getConfig("upload-size") != null) {
maxSize = Integer.parseInt(getConfig("upload-size"));
if (maxSize != 0 && item.getSize() > (maxSize * 1024 * 1024)) {
this.error(sprintf(lang("UPLOAD_FILES_SMALLER_THAN"), maxSize + "Mb"));
error = true;
}
}
默认不就是这样子的?
admin login required.
Under the template interface in the administrator interface, upload a normal file 1.txt burp intercept request package modify the file name to 1.jsp or any other suffix. Including but not only with JSP suffixes, EXE, C, PY, and more!