欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  网络运营

野草weedcmsV5.2.1 任意删除文件漏洞

程序员文章站 2022-03-19 09:56:40
  member.php   if($action=='edit_member_ok'){ //member.php?action=edit_member_ok   check_request(); //检查来路   if(!check_login()){ //检测是否登录会员   messag... 11-03-11...

  member.php

  if($action=='edit_member_ok'){ //member.php?action=edit_member_ok

  check_request(); //检查来路

  if(!check_login()){ //检测是否登录会员

  message(array('text'=>$language['please_login'],'link'=>'member.php'));

  }

  ...省略一堆无关东西

  $member_photo_delete=empty($_post['member_photo_delete'])?'':trim($_post['member_photo_delete']);

  ..继续省略一堆无关东西

  if(!empty($member_photo_delete)){

  @unlink(root_path."/uploads/".$member_photo_delete);

  //直接删除了