野草weedcmsV5.2.1 任意删除文件漏洞

网站建设 2021-07-03 10:02www.dzhlxh.cn网站建设

  member.php

  if($action=='edit_member_ok'){ //member.php?action=edit_member_ok

  check_request(); //检查来路

  if(!check_login()){ //检测是否登录会员

  message(array('text'=>$language['please_login'],'link'=>'member.php'));

  }

  ...省略一堆无关东西

  $member_photo_delete=empty($_POST['member_photo_delete'])?'':trim($_POST['member_photo_delete']);

  ..继续省略一堆无关东西

  if(!empty($member_photo_delete)){

  @unlink(ROOT_PATH."/uploads/".$member_photo_delete);

  //直接删除了

Copyright © 2016-2025 www.dzhlxh.cn 金源码 版权所有 Power by

网站模板下载|网络推广|微博营销|seo优化|视频营销|网络营销|微信营销|网站建设|织梦模板|小程序模板