代码拉取完成,页面将自动刷新
Hello, after testing, I found that tpcms v3.2 has a vulnerability -- ThinkPHP log information leak.
Since the CMS code does not restrict the visitor's access to ThinkPHP's log directory, anyone can read ThinkPHP's Log through the URL. Such logs contain the administrator's user name, password, operation behavior, system information, etc. Sensitive information brings greater security risks to the system.
URL:
http://domain(or IP)/Data/Runtime/Logs/Admin/21_07_01.log
http://domain(or IP)/Data/Runtime/Logs/Home/21_07_01.log
http://domain(or IP)/Data/Runtime/Logs/Member/21_07_01.log
reference: