33 lines
1.2 KiB
YAML
33 lines
1.2 KiB
YAML
id: CNVD-2023-96945
|
|
|
|
info:
|
|
name: McVie Safety Digital Management Platform - Arbitrary File Upload
|
|
author: DhiyaneshDk
|
|
severity: high
|
|
description: |
|
|
Jiangsu Maiwei Intelligent Technology Co., Ltd. is a software technology service provider focusing on customized development of software products. There is a file upload vulnerability in Jiangsu Maiwei Intelligent Technology Co., Ltd.'s safe production digital management platform. An attacker can use this vulnerability to gain server permissions.
|
|
reference:
|
|
- https://blog.csdn.net/weixin_42628854/article/details/136036109
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
fofa-query: "安全生产数字化管理平台"
|
|
tags: cnvd,cnvd2023,file-upload,mcvie
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/Content/Plugins/uploader/FileChoose.html"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "选择文件"
|
|
- "提交"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a00473045022100d33058dc7925d488f441ffb20666552cfa61013c0e48bcd8629a20e46433b5c1022071721f25284dce9bbcfbf4c5b64289209d5deb92805c05fa23d9e5291b7a39f0:922c64590222798bb761d5b6d8e72950 |