there is a file inclusion vulnerability

Question

there is a file inclusion vulnerability

yuansec opened this issue 6 years ago · 1 comments

In this page "MiniCMS-master\mc-admin\page-edit.php" have a file inclusion vulnerability.
1.The parameter “$page_state”get from POST，it is Controllable.

2.The parameter"index_file" is Controllable too.

3.Causes File Inclusion vulnerabilities

Answer 1 · 2019-04-15T02:34:02.000Z

For example，use parameter POST_“state”="../1.jpg" or “../../../../../etc/passwd” to attack