Pear Admin / Pear Admin Think
pear-admin-think V2.1.2 Arbitrary file upload vulnerability

Status: Done
Opened this issue 2021-03-26 11:03


An arbitrary file upload vulnerability exists in pear-admin-think V2.1.2.
pear-admin-think V2.1.2 has an arbitrary file upload vulnerability, which allows remote attackers to control the server by uploading files.

url: /admin.php/index/upload

Vulnerability file: app/common/service/UploadService.php

    private static function validate($file)
    {
        $v = new Validate();
        // ThinkPHP separates multiple rules with '|', not ','. This string is therefore
        // parsed as a single fileSize rule, and the fileExt restriction is never applied,
        // so the extension of the uploaded file is not checked at all.
        $v->rule([
            'file|图片' => 'fileSize:102400,fileExt:jpg,png,gif'
        ]);
        return $v->failException(true)->check($file);
    }

Vulnerability exploitation:
1. Log in to the backstage
2. Upload a file

Repair suggestions:
app/common/service/UploadService.php

    private static function validate($file)
    {
        $v = new Validate();
        // Size limit and extension whitelist are now two separate rules, so both are
        // evaluated; the fileExt whitelist only accepts jpg, png and gif.
        $v->rule([
            'file|图片大小' => 'fileSize:102400',
            'file|后缀'     => 'fileExt:jpg,png,gif'
        ]);
        return $v->failException(true)->check($file);
    }
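Why the original rule string silently drops the extension check, shown as an added example that is not part of pear-admin-think or ThinkPHP: a stand-alone PHP script that models how think\Validate splits a rule string on '|' and each rule on its first ':' (parseRules and acceptsUpload are hypothetical helpers written for this illustration, and the upload metadata is constructed).

```php
<?php
// Added example: models the rule-string parsing behind this issue. It is not the
// project's code and does not require ThinkPHP to run.

/** Parse a ThinkPHP-style rule string into [ruleName => parameter] pairs. */
function parseRules(string $ruleString): array
{
    $parsed = [];
    foreach (explode('|', $ruleString) as $rule) {        // rules are separated by '|'
        [$name, $param] = array_pad(explode(':', $rule, 2), 2, '');
        $parsed[$name] = $param;
    }
    return $parsed;
}

/** Apply a rule set (array of rule strings) to a constructed upload (size in bytes, extension). */
function acceptsUpload(array $ruleSet, int $size, string $ext): bool
{
    foreach ($ruleSet as $ruleString) {
        foreach (parseRules($ruleString) as $name => $param) {
            // Assumption: the size parameter is cast to int, so a parameter such as
            // "102400,fileExt:jpg,png,gif" still yields the limit 102400 and fails silently.
            if ($name === 'fileSize' && $size > (int) $param) {
                return false;
            }
            if ($name === 'fileExt' && !in_array(strtolower($ext), explode(',', $param), true)) {
                return false;
            }
        }
    }
    return true;    // no rule rejected the file
}

$vulnerable = ['fileSize:102400,fileExt:jpg,png,gif'];   // the V2.1.2 rule: one rule string
$fixed      = ['fileSize:102400', 'fileExt:jpg,png,gif']; // the suggested repair: two rules

// The vulnerable string yields only a 'fileSize' key; there is no 'fileExt' entry to enforce.
print_r(parseRules($vulnerable[0]));

// Constructed upload metadata: a 4 KiB file with a script extension, and a 4 KiB png.
var_dump(acceptsUpload($vulnerable, 4096, 'php'));   // vulnerable set: extension never checked
var_dump(acceptsUpload($fixed, 4096, 'php'));        // fixed set: extension not in whitelist
var_dump(acceptsUpload($fixed, 4096, 'png'));        // fixed set: whitelisted extension, within size
var_dump(acceptsUpload($fixed, 204800, 'png'));      // fixed set: whitelisted but over the size limit
```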

Comments (2)

ab-alex created task
ab-alex set related repository to Pear Admin/Pear Admin Think

Reproduced successfully!
Test successful
Please submit a PR.

Thanks for the feedback, it has been fixed.

大梦 changed issue state from To Do to Done
