Skip to content

There is an arbitrary file deletion vulnerability in src/main/java/com/wuhao/wuhaozn_springboot/portal_control/slideshow_control.java and src/main/java/com/wuhao/wuhaozn_springboot/util/delete_slideshow.java #7

Description

@liyunqiangs

The file path returned by the front end was not filtered.

Image

Delete the file directly using the file name returned by the front end.

Image

File deletion test:
Frist, create the file named "test.txt".

Image

Then,send a request to access '/delete_slideshow' and specify the deletion of the file as the target file.

Image

The target file has been deleted and the attack was successful.

Image

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions