You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
4.You can see that index.php has been read and edited.
The text was updated successfully, but these errors were encountered:
r00tSe7en
changed the title
HongCMS 3.0 - Read and Edit Arbitrary Files
HongCMS 3.0 - Arbitrary Files Read and Edit
Jan 31, 2019
r00tSe7en
changed the title
HongCMS 3.0 - Arbitrary Files Read and Edit
HongCMS 3.0 - Arbitrary Files Read and Edit (Administrator Privilege)
Jan 31, 2019
1.Login to the backstage as the administrator;
2.You need to access the page" http://127.0.0.1/hongcms/admin/index.php/language/edit?filename=Chinese.php" or "http://127.0.0.1/hongcms/admin/index.php/language/edit?filename=English.php".
3.Change the file name you want to edit or read in the URL and access this page.
![2](https://user-images.githubusercontent.com/24263756/52030160-7ced0e80-2551-11e9-891d-a2a1b08f8942.png)
For example: "http://127.0.0.1/hongcms/admin/index.php/language/edit?filename=../../index.php".
4.You can see that index.php has been read and edited.
The text was updated successfully, but these errors were encountered: