thinksns apps\public\Lib\Action\AttachAction.class.php arbitrary file upload

Arbitrary file upload getshell vulnerabilities in C:\phpStudy\WWW\apps\public\Lib\Action\AttachAction.class.php中的ajaxUpload函数 You can see the first 192 lines $options'allowexts' = tjiemi$REQUEST'exts'; Get the variable exts, and then after jiemi function of the processing, the jiemi function in...