arbitrary file read vulnerability #15

destinypwd opened this issue Jan 10, 2022 · 1 comment

Comments

@destinypwd

Analysis

The vulnerability is at line 55 of \taocms\include\Model\File.php: the path parameter is passed directly to the file_get_contents function without any filtering.


PoC

After logging in as admin, enter the file management interface and use the edit function.


Capture the request with Burp.
Any file can be read after changing the path parameter.


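The defensive counterpart of the read described above, as an added example that is not taocms code: a helper that confines a user-supplied path to a fixed base directory before it reaches file_get_contents. The base directory, function names and PHP 7.x+ standard functions used here are my assumptions, not anything from File.php.

```php
<?php
// Added example (not taocms code): resolve a user-controlled relative path
// against a fixed base directory and refuse anything that escapes it.

function resolveWithinBase(string $base, string $userPath): ?string
{
    // Canonicalise the base directory; refuse to operate if it does not exist.
    $realBase = realpath($base);
    if ($realBase === false) {
        return null;
    }
    // Reject embedded null bytes and absolute paths (POSIX and Windows forms).
    if (strpos($userPath, "\0") !== false
        || $userPath === ''
        || $userPath[0] === '/' || $userPath[0] === '\\'
        || preg_match('#^[A-Za-z]:#', $userPath) === 1) {
        return null;
    }
    // realpath() collapses "." / ".." and follows symlinks. It returns false for
    // a missing file; treat that as "not allowed" rather than falling back to
    // the raw joined string, which would reintroduce the traversal.
    $candidate = realpath($realBase . DIRECTORY_SEPARATOR . $userPath);
    if ($candidate === false) {
        return null;
    }
    // Compare against the base *with* a trailing separator so that a sibling
    // directory sharing the prefix (e.g. base "/srv/data" vs "/srv/data2") fails.
    $prefix = rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Safe replacement for an unfiltered file_get_contents($path) on user input:
// returns the file body, or false when the path is rejected or is not a file.
function safeReadFile(string $base, string $userPath)
{
    $path = resolveWithinBase($base, $userPath);
    if ($path === null || !is_file($path)) {
        return false;
    }
    return file_get_contents($path);
}
```

With base "/var/www/html/uploads" (hypothetical), a request for "notes/a.txt" resolves normally, while "../include/config.php" and "/etc/passwd" both return false; logging the rejected value gives a simple detection signal for traversal attempts.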
@xiaoabai

According to your PoC, the vulnerable code should be lines 82-86 of File.php.
