开源中国 2018 年度最后一场技术盛会邀你来约~错过就要等明年啦!点此立即预约

GVP铭飞 / MCMSJavaMIT

Watch 2.5k Star 4.9k Fork 2.5k

Unauthorized upload vulnerability #IO0IQ

待办的
Devote  创建于

Since this upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First upload a picture horse, then intercept the data packet in the name parameter that changes the suffix name to jsp, after the release request, the server returns the storage path of the webshell.

共1人参与

评论 (0)

登录 后才可以发表评论

负责人
标签
未设置
里程碑
关联分支
开始时间
未设置
结束时间
未设置
置顶选项
优先级

搜索帮助

12_float_left_people 12_float_left_close