media-manager icon indicating copy to clipboard operation
media-manager copied to clipboard

Published 20 hours ago verified publisher icon laravel-admin-extensions

/media/download?file= 允许下载其他目录的文件

Open onehumanbeing opened this issue 6 years ago • 0 comments

在默认的 'disk' => 'public'下: 测试案例: /admin/media/download?file=../../../../../../../etc/passwd 效果:会下载passwd的配置文件 /admin/media/download?file=../../../.env 效果:会下载env文件 虽然可以允许只有超管访问当前目录,但是感觉有点危险

onehumanbeing avatar Feb 21 '19 06:02 onehumanbeing