add Sahi_pro_7.x_8.x_Arbitrary_File_Read_CVE_2018_20470, Sahi_Pro_v8.x_RCE_CVE_2019_13597

2025-05-05 10:16:59 +00:00 · 2021-08-10 14:58:01 +08:00 · 2021-08-10 14:58:01 +08:00 · 76beb59e25
commit 76beb59e25
parent 0710f169bb
4 changed files with 18 additions and 0 deletions
--- a/Sahi-Pro/CVE-2018-20470/README.md
+++ b/Sahi-Pro/CVE-2018-20470/README.md
@ -0,0 +1,9 @@
+# Sahi pro 7.x 8.x Arbitrary File Read (CVE-2018-20470)
+
+An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.
+
+**FOFA query rule**: [body="_s_/spr/" || "sahisid" || title="Sahi Launcher"](https://fofa.so/result?qbase64=Ym9keT0iX3NfL3Nwci8iIHx8ICJzYWhpc2lkIiB8fCB0aXRsZT0iU2FoaSBMYXVuY2hlciI%3D)
+
+# Demo
+
+![](Sahi_pro_7.x_8.x_Arbitrary_File_Read_CVE_2018_20470.gif)
--- a/Sahi-Pro/CVE-2018-20470/Sahi_pro_7.x_8.x_Arbitrary_File_Read_CVE_2018_20470.gif
+++ b/Sahi-Pro/CVE-2018-20470/Sahi_pro_7.x_8.x_Arbitrary_File_Read_CVE_2018_20470.gif
--- a/Sahi-Pro/CVE-2019-13597/README.md
+++ b/Sahi-Pro/CVE-2019-13597/README.md
@ -0,0 +1,9 @@
+# Sahi Pro v8.x RCE (CVE-2019-13597)
+
+`_s_/sprm/_s_/dyn/Player_setScriptFile` in Sahi Pro 8.0.0 allows command execution. It allows one to run .sah scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.
+
+**FOFA query rule**: [body="_s_/spr/" || "sahisid" || title="Sahi Launcher"](https://fofa.so/result?qbase64=Ym9keT0iX3NfL3Nwci8iIHx8ICJzYWhpc2lkIiB8fCB0aXRsZT0iU2FoaSBMYXVuY2hlciI%3D)
+
+# Demo
+
+![](Sahi_Pro_v8.x_RCE_CVE_2019_13597.gif)
--- a/Sahi-Pro/CVE-2019-13597/Sahi_Pro_v8.x_RCE_CVE_2019_13597.gif
+++ b/Sahi-Pro/CVE-2019-13597/Sahi_Pro_v8.x_RCE_CVE_2019_13597.gif