Brief description:
No restrictions apply: no account registration, no CSRF and no injection are needed. A single request gets a shell directly. It has to be said that PhpOK's input handling is otherwise still good... but there is a problem.
Detailed description:
/framework/www/ueditor_control.php, line 61
The remote image function does not check the remote file's extension and saves the file directly to the local server.
There's really nothing to analyze here, so I won't post a code analysis.
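For the defensive side, a sketch of how a remote-image save routine can close this gap. This is an added example, not PhpOK's code and not from the original post; the function names, the size limit and the upload directory are assumptions. The extension is derived from the detected image type and never taken from the remote URL.

```php
<?php
// Hypothetical helpers for illustration; not part of PhpOK.
// The saved extension comes from the detected image type, never from the URL.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_BYTES = 2 * 1024 * 1024; // assumed size limit

function save_remote_image(string $url, string $uploadDir): string
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!in_array(strtolower((string)$scheme), ['http', 'https'], true)) {
        throw new InvalidArgumentException('only http(s) URLs are accepted');
    }
    // Read at most MAX_BYTES + 1 so an oversized response is detected.
    $ctx  = stream_context_create(['http' => ['timeout' => 5, 'follow_location' => 0]]);
    $data = @file_get_contents($url, false, $ctx, 0, MAX_BYTES + 1);
    if ($data === false || strlen($data) > MAX_BYTES) {
        throw new RuntimeException('download failed or file too large');
    }
    return store_image_bytes($data, $uploadDir);
}

function store_image_bytes(string $data, string $uploadDir): string
{
    // The bytes must sniff as, and parse as, one of the allowed image types.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($data);
    $info = @getimagesizefromstring($data);
    if ($info === false || $info['mime'] !== $mime || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('not an allowed image type');
    }
    // Server-generated name: nothing from the remote URL reaches the path.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $path = rtrim($uploadDir, '/') . '/' . $name;
    if (file_put_contents($path, $data, LOCK_EX) === false) {
        throw new RuntimeException('write failed');
    }
    return $path;
}

// Constructed sample: script text instead of image bytes is rejected.
try {
    store_image_bytes('<?php phpinfo();?>', sys_get_temp_dir());
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

An image file can still carry embedded script text, so the forced image extension is the essential control here; the upload directory should also be configured so that the web server never executes scripts from it.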
Proof of vulnerability:
Construct the request:
<?php phpinfo();?>