FineCMS controllers\ApiController.php 函数downAction 任意文件下载

Basic Fields

SSV ID:
SSV-92602
Find Time:
Unknown
Submit Time:
2017-01-06
Level:
Category:
任意文件读取
Component:
FineCMS
Author:
Unknown
Submitter:
404notfound
CVE-ID:
Add
CNNVD-ID:
Add
CNVD-ID:
Add
ZoomEye Dork:
Add

Source

Detail

Contributor 404notfound Got  0KB
Loading icon
have 0  exchange

PoC

Unavailable PoC

Reference Linking

Solutions

Temp Solutions

Official Solution

Unavailable Official solution

Defense Solutions

Unavailable Defense Solutions

Popularity 2596
Need to bind phone before comment. Bind Now

All Comments (4)

  • 404notfound
    zjp师傅就是强,p牛好像更强,手动艾特p牛,你说的欢迎报考西安电子大学,然而我考不上-.-
    4F
  • 很好
    3F
  • 这个固定SITE_MEMBER_COOKIE 很强!
    2F
  • emptyiscolor
    fn_authcode 函数生成的字符串在key默认情况下,只与 SITE_MEMBER_COOKIE 的值有关,属于默认配置问题。使用相同的SITE_MEMBER_COOKIE 会导致文中所说的任意文件下载(线上有不少案例),当然理论上这个值也可以进行爆破的_(:з」∠)_。 目前官方下载的 Finecms 的'SITE_MEMBER_COOKIE' 默认设置为 '2967e68d382902a',官方 Git 有一 commit 建议上线前进行修改。
    1F

※Any content provided by this site, only to learn the code and services, not for illegal purposes