Download && Delete Anything at /admin/controllers/database.php

                                                            HongCMS

                        0x01 Delete&&download Anything(Admin Privilege)

/admin/controllers/database
![image](https://user-images.githubusercontent.com/40140600/74008873-fddcb280-49bc-11ea-9232-ec7d34c7654a.png)
![image](https://user-images.githubusercontent.com/40140600/74008896-0b923800-49bd-11ea-9834-2d7eaa87e94b.png)

There is a ajax() which can delete or download anything.
 
The ForceStringFrom() is to receive get or post from user，if we get action is delete and filename is test.txt(default path is /system/backup):
 
![image](https://user-images.githubusercontent.com/40140600/74008901-0e8d2880-49bd-11ea-9186-eb5e1993dd65.png)
![image](https://user-images.githubusercontent.com/40140600/74008908-11881900-49bd-11ea-9d05-5909c6542aa2.png)

 
Delete successfully.
We can delete anthing:
 ![image](https://user-images.githubusercontent.com/40140600/74008896-0b923800-49bd-11ea-9834-2d7eaa87e94b.png)


 
![image](https://user-images.githubusercontent.com/40140600/74009545-62e4d800-49be-11ea-8620-27f15113d6c4.png)




                                     0x02 Download Anything(Admin Privilege)
 
![image](https://user-images.githubusercontent.com/40140600/74009549-6710f580-49be-11ea-8533-d914765ca30a.png)


Just modify the param we get.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Download && Delete Anything at /admin/controllers/database.php #16

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Download && Delete Anything at /admin/controllers/database.php #16

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions