skycaiji-v2.5.4 has a thinkphp log leak vulnerability
You can get the source code from here
https://down.chinaz.com/api/index/download?id=38972&type=code
Directly place it in the root directory of the website, access the server IP, and follow the prompts to install
After installation, it can be found that there is a thinkphp log file in this directory
Attackers can directly obtain website log files by traversing directories
Attackers can obtain sensitive information such as backend addresses and administrator accounts through this method.
转载请注明来源,欢迎对文章中的引用来源进行考证,欢迎指出任何有错误或不够清晰的表达。后续可能会有评论区,不过也可以在github联系我。