lizhipay / acg-faka

Personal card-selling source code, card-selling system, ACG card-selling system, ACG card-selling source code, card-selling program, anime card-selling, PHP card-selling source code, Yiciyuan card-selling
MIT License
3.5k stars, 690 forks

acg-faka backend can delete any file #30

Open eexp opened 1 year ago

eexp commented 1 year ago

Vulnerability location: app/Controller/Admin/Api/App.php, uninstall() [image]

The system does not verify the POST value, so we can input anything.

Delete chain: [image] [image]

But it has a WAF; we can use URL encoding to bypass it. Payload: [image]

We send the POST, then we can see that all files in this directory have been deleted. [image]

lizhipay commented 1 year ago

It doesn't help.

eexp commented 1 year ago

> It doesn't help.

But it really exists and it works.

liuweitao commented 1 year ago
    /**
     * @return array
     * @throws \ReflectionException
     */
    public function uninstall(): array
    {
        // uninstall plugin
        $pluginKey = (string)$_POST['plugin_key'];
        $type = (int)$_POST['type'];

        // allowlist: only [A-Za-z0-9] may reach the filesystem, so "." and "/" are rejected
        if(!ctype_alnum($pluginKey)){
            return $this->json(200, "非法请求");
        }

        if ($type == 0) {
            \Kernel\Util\Plugin::runHookState($pluginKey, \Kernel\Annotation\Plugin::UNINSTALL);
        }

        $this->app->uninstallPlugin($pluginKey, $type);

        ManageLog::log($this->getManage(), "卸载了应用({$pluginKey})");
        return $this->json(200, "卸载完成");
    }
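An added example (not acg-faka project code) showing the same allowlist check as a stand-alone validator, plus a defence-in-depth check that the resolved plugin directory still lies inside the plugins root before anything is deleted. `PLUGIN_ROOT`, `isValidPluginKey()` and `pluginDirFor()` are illustrative names and paths, not the project's own.

```php
<?php
// Added example; not acg-faka project code. PLUGIN_ROOT is an assumed path.
const PLUGIN_ROOT = '/var/www/app/Plugin';

/**
 * Allowlist check, as in the fix above: only [A-Za-z0-9] is accepted.
 * PHP has already percent-decoded $_POST, so an encoded "../" arrives as
 * plain "../" and fails this test; a blocklist-style WAF rule is not needed.
 */
function isValidPluginKey(string $key): bool
{
    return $key !== '' && ctype_alnum($key);
}

/**
 * Defence in depth: even for a key that passed the allowlist, resolve the
 * target directory and confirm it is inside PLUGIN_ROOT before touching it.
 * Returns the resolved path, or null if it is missing or escapes the root.
 */
function pluginDirFor(string $key): ?string
{
    if (!isValidPluginKey($key)) {
        return null;
    }
    $root   = realpath(PLUGIN_ROOT);
    $target = realpath(PLUGIN_ROOT . DIRECTORY_SEPARATOR . $key);
    if ($root === false || $target === false) {
        return null;
    }
    // realpath() collapses ".." and symlinks; require the root as a prefix.
    $inside = str_starts_with($target . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR);
    return $inside ? $target : null;
}

// Constructed request values, standing in for what uninstall() receives in $_POST.
$samples = ['Shop', 'Shop2024', '../etc', '..%2F..%2F', '', 'a/b'];
foreach ($samples as $s) {
    printf("%-14s -> %s\n", var_export($s, true), isValidPluginKey($s) ? 'accepted' : 'rejected');
}
```

Only the first two sample keys are accepted; the rest are rejected before any filesystem call is made.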