Merge pull request #19 from xiaoheihei1107/master

Add Kingsoft V8V9 get_file_content.php File Read Add Yunxintong Cropper.aspx Arbitrary File Read Add Windor FileDownLoad.aspx Arbitrary File Read Add Doccms keyword sqli
2025-05-06 10:41:40 +00:00 · 2021-09-01 10:08:52 +08:00 · 2021-09-01 10:08:52 +08:00 · 003b9819d0
commit 003b9819d0
parent 61d2522c8f 8fdf068fbd
8 changed files with 36 additions and 0 deletions
--- a/sqli/Doccms_keyword_sqli.gif
+++ b/sqli/Doccms_keyword_sqli.gif
--- a/sqli/README.md
+++ b/sqli/README.md
@ -0,0 +1,9 @@
+# Doccms keyword sqli
+
+DocCMS keyword parameter has SQL injection vulnerability, attacker can obtain database information through the vulnerability.
+
+FOFA **query rule**: [app="Doccms"](https://fofa.so/result?qbase64=YXBwPSJEb2NjbXMi)
+
+# Demo
+
+![Doccms_keyword_sqli](Doccms_keyword_sqli.gif)
--- a/Kingsoft/get_file_content_php/Kingsoft_V8V9_get_file_content_php_Arbitrary_File_Read.gif
+++ b/Kingsoft/get_file_content_php/Kingsoft_V8V9_get_file_content_php_Arbitrary_File_Read.gif
--- a/Kingsoft/get_file_content_php/README.md
+++ b/Kingsoft/get_file_content_php/README.md
@ -0,0 +1,9 @@
+# Kingsoft V8 V9 get_file_content.php Arbitrary File Read
+
+Kingsoft V8, V9 terminal security system has arbitrary file reading vulnerabilities. Attackers can download arbitrary files in the WEB directory through the vulnerabilities.
+
+FOFA **query rule**: [body="金山安全管理" && title="终端安全系统"](https://fofa.so/result?qbase64=Ym9keT0i6YeR5bGx5a6J5YWo566h55CGIiYmdGl0bGU9Iue7iOerr%2BWuieWFqOezu%2Be7nyI%3D)
+
+# Demo
+
+![Kingsoft_V8V9_get_file_content_php_Arbitrary_File_Read](Kingsoft_V8V9_get_file_content_php_Arbitrary_File_Read.gif)
--- a/Windor/FileDownLoad_aspx/README.md
+++ b/Windor/FileDownLoad_aspx/README.md
@ -0,0 +1,9 @@
+# Windor FileDownLoad.aspx Arbitrary File Read
+
+Yinda Huizhi intelligent integrated management platform FileDownLoad.aspx has arbitrary file reading vulnerabilities, through which the attacker can download any file in the server.
+
+FOFA **query rule**: [body="汇智信息" && title="智慧综合管理平台登入"](https://fofa.so/result?qbase64=Ym9keT0i5rGH5pm65L%2Bh5oGvIiAmJiB0aXRsZT0i5pm65oWn57u85ZCI566h55CG5bmz5Y%2Bw55m75YWlIg%3D%3D)
+
+# Demo
+
+![Windor_FileDownLoad_aspx_Arbitrary_File_Read](Windor_FileDownLoad_aspx_Arbitrary_File_Read.gif)
--- a/Windor/FileDownLoad_aspx/Windor_FileDownLoad_aspx_Arbitrary_File_Read.gif
+++ b/Windor/FileDownLoad_aspx/Windor_FileDownLoad_aspx_Arbitrary_File_Read.gif
--- a/Yunxintong/SMS/README.md
+++ b/Yunxintong/SMS/README.md
@ -0,0 +1,9 @@
+# Yunxintong Cropper.aspx Arbitrary File Read
+
+The short message operation management platform of Yunxintong Cropper.aspx has arbitrary file reading vulnerabilities. Attackers can obtain arbitrary information on the server through the vulnerabilities.
+
+FOFA **query rule**: [title="短信运营管理平台" && body="欢迎使用短信综合信息管理系统"](https://fofa.so/result?qbase64=dGl0bGU9IuefreS%2Foei%2FkOiQpeeuoeeQhuW5s%2BWPsCIgJiYgYm9keT0i5qyi6L%2BO5L2%2F55So55%2Bt5L%2Bh57u85ZCI5L%2Bh5oGv566h55CG57O757ufIg%3D%3D)
+
+# Demo
+
+![Yunxintong_Cropper_aspx_Arbitrary_File_Read](Yunxintong_Cropper_aspx_Arbitrary_File_Read.gif)
--- a/Yunxintong/SMS/Yunxintong_Cropper_aspx_Arbitrary_File_Read.gif
+++ b/Yunxintong/SMS/Yunxintong_Cropper_aspx_Arbitrary_File_Read.gif