mirror of
https://github.com/shadow1ng/fscan.git
synced 2025-07-13 21:02:44 +08:00
44 lines
1.1 KiB
YAML
44 lines
1.1 KiB
YAML
name: poc-yaml-ueditor-cnvd-2017-20077-file-upload
|
|
sets:
|
|
uri:
|
|
- /
|
|
- /content/
|
|
- /Content/plugins/
|
|
- /Content/js/
|
|
- /Utility/
|
|
- /js/
|
|
- /plugins/
|
|
- /scripts/
|
|
- /Scripts/
|
|
- /WebComm/CommScripts/
|
|
- /static/
|
|
edit:
|
|
- ueditor
|
|
- Ueditor
|
|
- editor
|
|
- ueditor1_4_3_3
|
|
- ueditor1_4_3_3-utf8-net/utf8-net
|
|
net:
|
|
- /net/
|
|
- /
|
|
controller:
|
|
- controller.ashx?
|
|
- "?"
|
|
rules:
|
|
- method: GET
|
|
path: "{{uri}}{{edit}}{{net}}{{controller}}ccc=test&action=catchimage&encode=utf-8"
|
|
headers:
|
|
Accept-Encoding: 'deflate'
|
|
follow_redirects: false
|
|
expression: |
|
|
response.status == 200 && response.body.bcontains(bytes(string("没有指定抓取源")))
|
|
detail:
|
|
author: 清风明月(www.secbook.info)
|
|
influence_version: 'UEditor v1.4.3.3'
|
|
links:
|
|
- https://zhuanlan.zhihu.com/p/85265552
|
|
- https://www.freebuf.com/vuls/181814.html
|
|
- http://123.57.69.82:20000/Utility/UEditor/net?action=catchimage
|
|
exploit: >-
|
|
http://localhost/ueditor/net/controller.ashx?action=catchimage&encode=utf-8
|