CVE-2019-16132 OKLite v1.2.25 任意文件刪除漏洞

From PwnWiki

Revision as of 09:27, 1 May 2021 by Pwnwiki (talk | contribs) (Created page with "==版本== OKLite v1.2.25 ==前提條件== 需要登錄後臺面板 ==漏洞利用== 在主目錄下創建一個index.txt用來測試登錄後台，在設置->風格管理...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

版本

OKLite v1.2.25

前提條件

需要登錄後臺面板

漏洞利用

在主目錄下創建一個index.txt用來測試

登錄後台，在設置->風格管理

點擊文件管理

隨便刪除一個文件，點擊抓包，修改title參數為../../test.txt

發送請求，主目錄下的test.txt已被刪除

Retrieved from "https://pwnwiki.com/index.php?title=CVE-2019-16132_OKLite_v1.2.25_任意文件刪除漏洞&oldid=1970"