eYou邮件系统文件删除(2)

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: eYou邮件系统存在越权+任意文件删除漏洞 ### 详细说明: #1 漏洞连接 文件删除:/admin/group/del_addition.php 文件上传:/admin/group/upload_addition.php ``` $ToRemove = post('ToRemove'); $size = @filesize($ToRemove); if(is_array($_SESSION['tmpName'])) { $key = array_search($ToRemove,$_SESSION['tmpName']); }else { $key = null; } if(file_exists($ToRemove)) { $res = @unlink($ToRemove); if($res == 1) { //文件被del了 if($size != false) { $_SESSION['size'] -= $size; if($_SESSION['size'] < 0 ) { $_SESSION['size'] = 0; } } unset($_SESSION['upload'][$key],$_SESSION['tmpName'][$key]); } } ``` $ToRemove = post('ToRemove');//接收post参数后没有经过任何的过滤 $res = @unlink($ToRemove); //没有经过任何过滤便进入了危险函数unlink,造成任意文件删除 #2 漏洞测试 google:intitle:亿邮通讯 选取如下网站: http://cma.org.cn/admin/group/upload_addition.php [<img src="https://images.seebug.org/upload/201404/21115802887803742344bb3211fe32d6f38cdfa8.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201404/21115802887803742344bb3211fe32d6f38cdfa8.jpg)...

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息