lizhipay
commented
1 year ago It doesn't help.
Open eexp opened 1 year ago
lizhipay
commented
1 year ago It doesn't help.
eexp
commented
1 year ago It doesn't help.
but it real exist and it work .
liuweitao
commented
1 year ago /**
* @return array
* @throws \ReflectionException
*/
public function uninstall(): array
{
//卸载插件
$pluginKey = (string)$_POST['plugin_key'];
$type = (int)$_POST['type'];
if(!ctype_alnum($pluginKey)){
return $this->json(200, "非法请求");
}
if ($type == 0) {
\Kernel\Util\Plugin::runHookState($pluginKey, \Kernel\Annotation\Plugin::UNINSTALL);
}
$this->app->uninstallPlugin($pluginKey, $type);
ManageLog::log($this->getManage(), "卸载了应用({$pluginKey})");
return $this->json(200, "卸载完成");
}
Vulnerability location app/Controller/Admin/Api/App.php uninstall()
The system does not verify the post value so we can input anything
Delet chain
but it has waf we can use url encode bypass it
pyload
we send the post the we can see All files in this directory have been deleted
