Open eexp opened 1 year ago
It doesn't help.
It doesn't help.
but it real exist and it work .
/**
* @return array
* @throws \ReflectionException
*/
public function uninstall(): array
{
//卸载插件
$pluginKey = (string)$_POST['plugin_key'];
$type = (int)$_POST['type'];
if(!ctype_alnum($pluginKey)){
return $this->json(200, "非法请求");
}
if ($type == 0) {
\Kernel\Util\Plugin::runHookState($pluginKey, \Kernel\Annotation\Plugin::UNINSTALL);
}
$this->app->uninstallPlugin($pluginKey, $type);
ManageLog::log($this->getManage(), "卸载了应用({$pluginKey})");
return $this->json(200, "卸载完成");
}
Vulnerability location app/Controller/Admin/Api/App.php uninstall() The system does not verify the post value so we can input anything Delet chain but it has waf we can use url encode bypass it pyload we send the post the we can see All files in this directory have been deleted