We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
After login as admin,file manager and downloadfunction after change path param can read arbitrary file
location:include/File.php
we can use ../ to traverse to the previous directory
you can check path ,for example check if it has .. then refuse this request
..
The text was updated successfully, but these errors were encountered:
No branches or pull requests
poc
After login as admin,file manager and downloadfunction
after change path param can read arbitrary file
analysis
location:include/File.php
we can use ../ to traverse to the previous directory
suggest
you can check path ,for example check if it has
..then refuse this requestThe text was updated successfully, but these errors were encountered: