pear-admin-think V2.1.2 Arbitrary file upload vulnerability

Status: Completed
Created on 2021-03-26 11:03


An arbitrary file upload vulnerability exists in pear-admin-think V2.1.2.
pear-admin-think V2.1.2 has an arbitrary file upload vulnerability, which allows remote attackers to control the server by uploading files.

URL: /admin.php/index/upload

Vulnerable file: app/common/service/UploadService.php

    private static function validate($file)
    {
        $v = new Validate();
        $v->rule([
            // Both checks are written in a single rule string joined with ','.
            'file|图片' => 'fileSize:102400,fileExt:jpg,png,gif'
        ]);
        return $v->failException(true)->check($file);
    }

Vulnerability exploitation:
1. Log in to the admin backend.
2. Upload a file.

Repair suggestions:
app/common/service/UploadService.php

    private static function validate($file)
    {
        $v = new Validate();
        $v->rule([
            // One entry per check, so both rules are applied.
            'file|图片大小' => 'fileSize:102400',
            'file|后缀'     => 'fileExt:jpg,png,gif'
        ]);
        return $v->failException(true)->check($file);
    }
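Why the V2.1.2 rule never checks the extension, shown with an added example that is not code from the issue or from Pear Admin Think: ThinkPHP's Validate separates the rules inside one rule string with '|', so the comma-joined string is read as a single fileSize rule and fileExt is never applied. The helpers collectRules and extensionAllowed are simplified stand-ins for that splitting (an assumption, not ThinkPHP's own class), and the sample filenames are constructed.

```php
<?php
// Added example, not code from the issue or from Pear Admin Think. It imitates
// the two splitting steps of a ThinkPHP-style rule array: the key 'field|title'
// yields the field name, and the value holds rules separated by '|', each
// written 'name:param'. Simplified stand-ins (an assumption), not ThinkPHP.

function collectRules(array $ruleSet): array
{
    $rules = [];
    foreach ($ruleSet as $key => $ruleString) {
        // Only the text before '|' in the key is the field name.
        [$field] = explode('|', $key, 2);
        // Rules in one value are separated by '|'; the first ':' splits name:param.
        foreach (explode('|', $ruleString) as $rule) {
            [$name, $param] = array_pad(explode(':', $rule, 2), 2, null);
            $rules[$field][$name] = $param;
        }
    }
    return $rules;
}

function extensionAllowed(string $filename, array $fieldRules): bool
{
    if (!isset($fieldRules['fileExt'])) {
        // No fileExt rule was parsed, so nothing ever inspects the extension.
        return true;
    }
    $allowed = explode(',', strtolower($fieldRules['fileExt']));
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true);
}

// Rule array from V2.1.2: both checks joined with ',' under one key. Splitting
// on '|' finds a single rule, fileSize, whose parameter is the whole remainder
// '102400,fileExt:jpg,png,gif'; no fileExt rule exists at all.
$vulnerable = collectRules(['file|图片' => 'fileSize:102400,fileExt:jpg,png,gif']);

// Rule array from the fix: each check is its own entry, so fileExt is parsed.
$fixed = collectRules([
    'file|图片大小' => 'fileSize:102400',
    'file|后缀'     => 'fileExt:jpg,png,gif',
]);

// Constructed sample names: the second must be rejected by an image-only filter.
foreach (['avatar.png', 'not_an_image.php'] as $name) {
    printf("%-17s V2.1.2: %s  fixed: %s\n", $name,
        extensionAllowed($name, $vulnerable['file']) ? 'accepted' : 'rejected',
        extensionAllowed($name, $fixed['file']) ? 'accepted' : 'rejected');
}
```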

Comments (2)

ab-alex created the task
ab-alex set the linked repository to Pear Admin/Pear Admin Think

Reproduced successfully!
Test successful.
Please submit a PR.

Thanks for the feedback, it has been fixed.

大梦 changed the task status from To Do to Completed
