taocms icon indicating copy to clipboard operation
taocms copied to clipboard

Published 20 hours ago verified publisher icon taogogo

arbitrary file read vulnerability

Open bkfish opened this issue 3 years ago • 0 comments

poc

After login as admin,file manager and downloadfunction image after change path param can read arbitrary file image

analysis

location:include/File.php image

image we can use ../ to traverse to the previous directory

suggest

you can check path ,for example check if it has .. then refuse this request

bkfish avatar Jan 04 '22 02:01 bkfish