daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/vulnerabilities/wanhu/wanhuoa-officeserverservlet...

35 lines
1.0 KiB
YAML
Executable File
Raw Blame History

id: wanhuoa-officeserverservlet-file-upload
info:
name: Wanhu OA OfficeServerServlet - Arbitrary File Upload
author: SleepingBag945
severity: critical
description: Wanhu OA officeserverservlet file upload vulnerability
reference:
- https://github.com/onMey/WH/blob/main/poc.py
- http://wiki.peiqi.tech/wiki/oa/万户OA/万户OA%20OfficeServer.jsp%20任意文件上传漏洞.html
metadata:
verified: true
max-request: 1
fofa-query: app="万户网络-ezOFFICE"
tags: wanhu,oa,officeserver,fileupload,intrusive
http:
- method: GET
path:
- "{{BaseURL}}/defaultroot/officeserverservlet"
matchers-condition: and
matchers:
- type: word
words:
- "DBSTEP V3.0"
- "Post"
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100d355f898dcde53e0096bf7d7e6bd4cd6ff8da7da573ae7b626434e447dd524ce02210098d081209c785b2a0512eb7cf3cb43c13cff0c835517d104efb6f8f0e92345c3:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink