| 제목 | Vulnerabilities in the dating platform. windows 4.0 File upload vulnerability |
|---|
| 설명 | Code auditing reveals that the following code receives the data parameter through the input function. The type of the data parameter is an array, and then it calls the base64image function for processing.
$res = base64Image($v,"uploads/".date("Y-m-d")."/");
if (preg_match('/^(data:\s*image\/(\w+);base64,)/',$imgBase64,$res))
if (file_put_contents($new_file,base64_decode(str_replace($res[1],'', $imgBase64))))
After encoding the verification code with Base64, upload it.
https://www.jianshu.com/p/f8ca5e3cd889 |
|---|
| 원천 | ⚠️ https://www.jianshu.com/p/f8ca5e3cd889 |
|---|
| 사용자 | leizi (UID 82832) |
|---|
| 제출 | 2025. 03. 16. AM 07:46 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 03. 22. PM 02:45 (6 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 300688 [Yue Lao Blind Box 月老盲盒 까지 4.0 Upload.php base64image data 권한 상승] |
|---|
| 포인트들 | 20 |
|---|