铭飞 / MCMS (Java, MIT)

Unauthorized upload vulnerability

Status: To do
Created by Devote

Since this upload interface does not verify the user's login status, you can use this interface to upload files without setting a cookie. First upload a picture horse, then intercept the data packet and, in the name parameter, change the suffix name to jsp; after the request is released, the server returns the storage path of the webshell.
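The server-side checks that address the two gaps named in this report (no login check, and a stored suffix taken from the client's name parameter), as an added example that is not MCMS code and not part of the original report. The class `SafeUpload`, its `store` method and the `authenticated` flag are hypothetical; a real handler would derive the flag from the session.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.util.Arrays;
import java.util.Map;
import java.util.UUID;

// Hypothetical helper, not MCMS code: the checks an upload endpoint needs
// so that a client-supplied "name" cannot decide the stored suffix.
public class SafeUpload {
    // Allowed types: stored extension -> leading magic bytes.
    private static final Map<String, byte[]> ALLOWED = Map.of(
        "png", new byte[] {(byte) 0x89, 'P', 'N', 'G'},
        "jpg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "gif", new byte[] {'G', 'I', 'F', '8'});

    /** Returns the stored path, or throws if the request must be rejected. */
    public static Path store(boolean authenticated, String clientName,
                             byte[] content, Path uploadDir) throws IOException {
        // 1. Refuse any request that does not come from a logged-in session.
        if (!authenticated) throw new SecurityException("login required");
        // 2. Choose the extension from the content; clientName is never used for it.
        String ext = sniff(content);
        if (ext == null) throw new SecurityException("type not allowed");
        // 3. Server-generated file name, so ".jsp" can never reach the disk.
        Path target = uploadDir.resolve(UUID.randomUUID() + "." + ext);
        return Files.write(target, content, StandardOpenOption.CREATE_NEW);
    }

    // Returns the allowlisted extension whose magic bytes match, or null.
    static String sniff(byte[] content) {
        for (Map.Entry<String, byte[]> e : ALLOWED.entrySet()) {
            byte[] magic = e.getValue();
            if (content.length >= magic.length
                    && Arrays.equals(Arrays.copyOf(content, magic.length), magic))
                return e.getKey();
        }
        return null;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("uploads");
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 13, 10, 26, 10}; // constructed sample
        // Constructed request: image bytes, but the client asks for a .jsp name.
        System.out.println(store(true, "avatar.jsp", png, dir)); // saved with a .png suffix
        try { store(false, "avatar.png", png, dir); }
        catch (SecurityException ex) { System.out.println("rejected: " + ex.getMessage()); }
    }
}
```

Keeping the upload directory outside any path the servlet container treats as executable adds a second layer if a suffix check is ever bypassed.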
