You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, I think this is a more serious vulnerability.
As long as any one has the permission to edit Blog or Pages pages, of course, other interfaces also have similar problems.
The problem mainly occurs in the inc/core/lib/Templates.php, which is also some template format used in your footer and title
Below I will give the way to use it:
1、 Blog:
{? system('whoami')?}
{?=system('id')?}
Preview it, use success:
2、Pages:
Here I give another payload use:
{if: system('id')}{/if}
Preview it, use success:
The text was updated successfully, but these errors were encountered:
Hello, I think this is a more serious vulnerability.
As long as any one has the permission to edit Blog or Pages pages, of course, other interfaces also have similar problems.
The problem mainly occurs in the inc/core/lib/Templates.php, which is also some template format used in your footer and title
Below I will give the way to use it:
1、 Blog:
Preview it, use success:2、Pages:
Here I give another payload use:
Preview it, use success:The text was updated successfully, but these errors were encountered: