
Administrator Interface SSTI Vulnerability

Open Lilc1 opened this issue 5 years ago • 2 comments

com.jflyfox.modules.filemanager.FileManagerController#index

else if (request.getMethod().equals("POST")) {
    if (mode == null) {
        mode = "upload";
        responseData = fm.add();
        putTextarea = true;
    } else if (mode.equals("savefile")) {
        // "content" is taken straight from the request and written to the file unchanged
        if (needPath && fm.setGetContent("content", request.getParameter("content"))) {
            responseData = fm.saveFile();
        }
    }

Here you can insert Beetl template code into the HTML file to call the Runtime() method. Example: insert Beetl template code into show_person.html to execute the 'calc' command. Trigger it by visiting the page.

[image] [image]

Repair plan: filter the "content" parameter; inserting template code must not be allowed.

Lilc1 avatar Apr 13 '20 03:04 Lilc1
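The repair plan above is a server-side check on the "content" parameter before the savefile branch writes it to disk. The class below is an added example of such a check and is not jfinal_cms code; it assumes Beetl's default delimiters (statement block `<%` / `%>`, placeholder `${`), so a deployment must pass the delimiters actually configured in its beetl.properties. The class name, its methods and the sample inputs are all constructed for this illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Optional;

/**
 * Added example, not jfinal_cms code: rejects file content that contains
 * Beetl template delimiters, so that a file saved through the file manager
 * cannot be parsed as a template. Delimiters are Beetl's assumed defaults;
 * pass the ones from beetl.properties if the deployment changed them.
 */
public final class TemplateContentFilter {

    private final List<String> delimiters;

    public TemplateContentFilter(String... delimiters) {
        this.delimiters = Arrays.asList(delimiters);
    }

    /** Filter for Beetl's default delimiters (assumption, see class comment). */
    public static TemplateContentFilter beetlDefaults() {
        return new TemplateContentFilter("<%", "%>", "${");
    }

    /**
     * Returns the first delimiter found in the content, or empty if none.
     * Null content is treated as empty so a missing parameter is left to the
     * controller's existing handling.
     */
    public Optional<String> findTemplateSyntax(String content) {
        if (content == null) {
            return Optional.empty();
        }
        for (String delimiter : delimiters) {
            if (content.contains(delimiter)) {
                return Optional.of(delimiter);
            }
        }
        return Optional.empty();
    }

    /** Guard condition for the controller: true when the content may be saved. */
    public boolean isAllowed(String content) {
        return !findTemplateSyntax(content).isPresent();
    }

    public static void main(String[] args) {
        TemplateContentFilter filter = beetlDefaults();

        // Constructed sample inputs: plain HTML must pass, anything the
        // template engine would parse must be rejected.
        String[] samples = {
            "<html><body><h1>Person</h1></body></html>",
            "<p>Price: $5, 100% cotton</p>",   // lone "$" and "%" are harmless
            "<p>Hello ${user.name}</p>",       // placeholder block
            "<% var x = 1; %>"                 // statement block
        };
        for (String sample : samples) {
            Optional<String> hit = filter.findTemplateSyntax(sample);
            String verdict = hit.map(d -> "REJECT (found " + d + ")").orElse("ALLOW");
            System.out.println(verdict + "  <- " + sample);
        }
    }
}
```

In the controller this would sit in the savefile branch ahead of `fm.setGetContent("content", ...)`: when `isAllowed(request.getParameter("content"))` is false, return an error response instead of saving. Two caveats: the check must run on exactly the string that is written to disk, and a denylist keyed to delimiters is only as strong as the delimiter configuration, so it is a stopgap. The durable fix is to make sure files that administrators can edit through the file manager are never loaded by the template engine at all; Beetl also has a configuration switch that disables native Java calls from templates (NATIVE_CALL in beetl.properties, as I recall it; verify against the Beetl version bundled with jfinal_cms before relying on it).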

Master, could you leave a contact method so we can discuss this?

SummerSec avatar Apr 13 '20 04:04 SummerSec

Reported by Lilc of Chaitin Tech. Use CVE-2020-18532.

Lilc1 avatar Mar 11 '21 04:03 Lilc1