Merge pull request #1344 from projectdiscovery/princechaddha-patch-9

Create ueditor-file-upload.yaml

vulnerabilities/other/ueditor-file-upload.yaml

@@ -0,0 +1,23 @@
+id: ueditor-file-upload
+info:
+  name: UEditor Arbitrary File Upload
+  author: princechaddha
+  severity: high
+  reference: |
+    - https://zhuanlan.zhihu.com/p/85265552
+    - https://www.freebuf.com/vuls/181814.html
+  tags: ueditor,fileupload
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/ueditor/net/controller.ashx?action=catchimage&encode=utf-8"
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "没有指定抓取源"
+        part: body