taoCMS is an incredible tiny CMS( Content Management System) , writen in PHP and support MySQL/Sqlite as the database(MIT License)
60
stars
21
forks
source link
There is a Arbitrary file download attack at " File Management column"(administrator authority) #10
Open
7wkajk opened 2 years ago
First, we enter the background and use the administrator admin we created:
Let's click "file management" on the left:
Then use Burp Suite and click Download to grab the request package
Changing the “path” parameter