| Название | Vulnerabilities in the dating platform. windows 4.0 File upload vulnerability |
|---|
| Описание | Code auditing reveals that the following code receives the data parameter through the input function. The type of the data parameter is an array, and then it calls the base64image function for processing.
$res = base64Image($v,"uploads/".date("Y-m-d")."/");
if (preg_match('/^(data:\s*image\/(\w+);base64,)/',$imgBase64,$res))
if (file_put_contents($new_file,base64_decode(str_replace($res[1],'', $imgBase64))))
After encoding the verification code with Base64, upload it.
https://www.jianshu.com/p/f8ca5e3cd889 |
|---|
| Источник | ⚠️ https://www.jianshu.com/p/f8ca5e3cd889 |
|---|
| Пользователь | leizi (UID 82832) |
|---|
| Представление | 16.03.2025 07:46 (1 Год назад) |
|---|
| Модерация | 22.03.2025 14:45 (6 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 300688 [Yue Lao Blind Box 月老盲盒 до 4.0 Upload.php base64image data эскалация привилегий] |
|---|
| Баллы | 20 |
|---|