Open bkfish opened 2 years ago
After login as admin,file manager and downloadfunction after change path param can read arbitrary file
location:include/File.php
we can use ../ to traverse to the previous directory
you can check path ,for example check if it has .. then refuse this request
..
poc
After login as admin,file manager and downloadfunction
after change path param can read arbitrary file
analysis
location:include/File.php
suggest
you can check path ,for example check if it has
..then refuse this request