McVie Safety Digital Management Platform - Arbitrary File Upload
ID: CNVD-2023-96945
Severity: high
Author: DhiyaneshDk
Tags: cnvd,cnvd2023,file-upload,mcvie
Description
Section titled “Description”Jiangsu Maiwei Intelligent Technology Co., Ltd. is a software technology service provider focusing on customized development of software products. There is a file upload vulnerability in Jiangsu Maiwei Intelligent Technology Co., Ltd.’s safe production digital management platform. An attacker can use this vulnerability to gain server permissions.
YAML Source
Section titled “YAML Source”id: CNVD-2023-96945
info: name: McVie Safety Digital Management Platform - Arbitrary File Upload author: DhiyaneshDk severity: high description: | Jiangsu Maiwei Intelligent Technology Co., Ltd. is a software technology service provider focusing on customized development of software products. There is a file upload vulnerability in Jiangsu Maiwei Intelligent Technology Co., Ltd.'s safe production digital management platform. An attacker can use this vulnerability to gain server permissions. reference: - https://blog.csdn.net/weixin_42628854/article/details/136036109 metadata: verified: true max-request: 1 fofa-query: "安全生产数字化管理平台" tags: cnvd,cnvd2023,file-upload,mcvie
http: - method: GET path: - "{{BaseURL}}/Content/Plugins/uploader/FileChoose.html"
matchers-condition: and matchers: - type: word words: - "选择文件" - "提交" condition: and
- type: status status: - 200# digest: 490a0046304402203f2743e52d7e3dc1ba2827c117c940c6d167546a71a74c1735e9e9bb7f9ebba402202cc127a2cb9363722a974cc9ad5819e00e3201c198c8fde5c4e4e75b017aa62d:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cnvd/2023/CNVD-2023-96945.yaml"