Create CNVD-2023-96945.yaml

http/cnvd/2023/CNVD-2023-96945.yaml

@@ -0,0 +1,32 @@
+id: CNVD-2023-96945
+
+info:
+  name: McVie Safety Digital Management Platform - File Upload
+  author: DhiyaneshDk
+  severity: high
+  description: |
+    Jiangsu Maiwei Intelligent Technology Co., Ltd. is a software technology service provider focusing on customized development of software products. There is a file upload vulnerability in Jiangsu Maiwei Intelligent Technology Co., Ltd.'s safe production digital management platform. An attacker can use this vulnerability to gain server permissions.
+  reference:
+    - https://blog.csdn.net/weixin_42628854/article/details/136036109
+  metadata:
+    fofa-query: "安全生产数字化管理平台"
+    verified: true
+    max-request: 1
+  tags: cnvd,cnvd2023,file-upload
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/Content/Plugins/uploader/FileChoose.html"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "选择文件"
+          - "提交"
+        condition: and
+
+      - type: status
+        status:
+          - 200