Create uediter-anyfile-upload-cnvd-2017-20077.yml (chaitin#878)

rtcatc · Sep 3, 2020 · d27ccf7 · d27ccf7
1 parent a311f2e
commit d27ccf7
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/pocs/uediter-cnvd-2017-20077-file-upload.yml b/pocs/uediter-cnvd-2017-20077-file-upload.yml
@@ -0,0 +1,17 @@
+name: poc-yaml-uediter-cnvd-2017-20077-file-upload
+rules:
+  - method: GET
+    path: /ueditor/net/controller.ashx?action=catchimage&encode=utf-8
+    headers:
+      Accept-Encoding: 'deflate'
+    follow_redirects: false
+    expression: |
+      response.status == 200 && response.body.bcontains(bytes(string("没有指定抓取源")))
+detail:
+  author: 清风明月(www.secbook.info)
+  influence_version: 'UEditor v1.4.3.3'
+  links:
+    - https://zhuanlan.zhihu.com/p/85265552
+    - https://www.freebuf.com/vuls/181814.html
+  exploit: >-
+    http://localhost/ueditor/net/controller.ashx?action=catchimage&encode=utf-8