lavon issues

Repositories
Issues
Comments

Results 4 issues of


                                            lavon

There are some vulnerabilities in the upload payment plugin that can get webshell

When uploading payment plug-ins, attackers can bypass file verification and upload malicious php files by constructing the code of the php file in the zip compression package. Even uploading the...

There is a File upload vulnerability that can getshell

The file upload vulnerability here lies in the blacklist method used when verifying the suffix of the uploaded file. This verification method is not strict and is often bypassed by...

There is a remote command execution vulnerability

The save method in the com/key/dwsurvey/action/sysuser/SysPropertyAction.java file directly accepts the parameters passed from the client and writes them into the specified configuration file, which is directly included in login.jsp, resulting...

Invalid domain问题

url文件过大时会出现Invalid domain，无法解析域名